RFC 9175
Constrained Application Protocol (CoAP): Echo, Request-Tag, and Token Processing, February 2022
- File formats:
- Also available: XML file for editing
- Status:
- PROPOSED STANDARD
- Updates:
- RFC 7252
- Authors:
- C. Amsüss
J. Preuß Mattsson
G. Selander - Stream:
- IETF
- Source:
- core (wit)
Cite this RFC: TXT | XML | BibTeX
DOI: https://doi.org/10.17487/RFC9175
Discuss this RFC: Send questions or comments to the mailing list core@ietf.org
Other actions: Submit Errata | Find IPR Disclosures from the IETF | View History of RFC 9175
Abstract
This document specifies enhancements to the Constrained Application Protocol (CoAP) that mitigate security issues in particular use cases. The Echo option enables a CoAP server to verify the freshness of a request or to force a client to demonstrate reachability at its claimed network address. The Request-Tag option allows the CoAP server to match block-wise message fragments belonging to the same request. This document updates RFC 7252 with respect to the following: processing requirements for client Tokens, forbidding non-secure reuse of Tokens to ensure response-to-request binding when CoAP is used with a security protocol, and amplification mitigation (where the use of the Echo option is now recommended).
For the definition of Status, see RFC 2026.
For the definition of Stream, see RFC 8729.