Search RFCs
RFC 9175
Constrained Application Protocol (CoAP): Echo, Request-Tag, and Token Processing,February 2022
- File formats:
- Also available:XML file for editing
- Status:
- PROPOSED STANDARD
- Updates:
- RFC 7252
- Authors:
- C. Amsüss
J. Preuß Mattsson
G. Selander - Stream:
- IETF
- Source:
- core (wit)
Cite this RFC:TXT | XML | BibTeX
DOI: https://doi.org/10.17487/RFC9175
Discuss this RFC: Send questions or comments to the mailing listcore@ietf.org
Other actions:Submit Errata | Find IPR Disclosures from the IETF | View History of RFC 9175
Abstract
This document specifies enhancements to the Constrained ApplicationProtocol (CoAP) that mitigate security issues in particular usecases. The Echo option enables a CoAP server to verify the freshnessof a request or to force a client to demonstrate reachability at itsclaimed network address. The Request-Tag option allows the CoAPserver to match block-wise message fragments belonging to the samerequest. This document updates RFC 7252 with respect to thefollowing: processing requirements for client Tokens, forbiddingnon-secure reuse of Tokens to ensure response-to-request binding whenCoAP is used with a security protocol, and amplification mitigation(where the use of the Echo option is now recommended).
For the definition ofStatus,seeRFC 2026.
For the definition ofStream, seeRFC 8729.