Constrained Application Protocol (CoAP): Echo, Request-Tag, and Token Processing, February 2022
- File formats:
- PROPOSED STANDARD
- RFC 7252
- C. Amsüss
J. Preuß Mattsson
- core (art)
Discuss this RFC: Send questions or comments to email@example.com
This document specifies enhancements to the Constrained Application Protocol (CoAP) that mitigate security issues in particular use cases. The Echo option enables a CoAP server to verify the freshness of a request or to force a client to demonstrate reachability at its claimed network address. The Request-Tag option allows the CoAP server to match block-wise message fragments belonging to the same request. This document updates RFC 7252 with respect to the following: processing requirements for client Tokens, forbidding non-secure reuse of Tokens to ensure response-to-request binding when CoAP is used with a security protocol, and amplification mitigation (where the use of the Echo option is now recommended).
For the definition of Status, see RFC 2026.
For the definition of Stream, see RFC 8729.