RFC 9175

Constrained Application Protocol (CoAP): Echo, Request-Tag, and Token Processing, February 2022

File formats:

icon for HTML icon for text file icon for v3pdf icon for XML
Status:
PROPOSED STANDARD
Updates:
RFC 7252
Authors:
C. Amsüss
J. Preuß Mattsson
G. Selander
Stream:
IETF
Source:
core (art)

Cite this RFC: TXT  |  XML

DOI:  10.17487/RFC9175

Discuss this RFC: Send questions or comments to core@ietf.org

Other actions: Submit Errata  |  Find IPR Disclosures from the IETF  |  View History of RFC 9175


Abstract

This document specifies enhancements to the Constrained Application Protocol (CoAP) that mitigate security issues in particular use cases. The Echo option enables a CoAP server to verify the freshness of a request or to force a client to demonstrate reachability at its claimed network address. The Request-Tag option allows the CoAP server to match block-wise message fragments belonging to the same request. This document updates RFC 7252 with respect to the following: processing requirements for client Tokens, forbidding non-secure reuse of Tokens to ensure response-to-request binding when CoAP is used with a security protocol, and amplification mitigation (where the use of the Echo option is now recommended).


For the definition of Status, see RFC 2026.

For the definition of Stream, see RFC 8729.




Advanced Search