Constrained Application Protocol : Echo, Request-Tag, and Token Processing
RFC 9175, “Constrained Application Protocol : Echo, Request-Tag, and Token Processing”, is a Proposed Standard document published in February 2022 by C. Amsüss, J. Preuß Mattsson, G. Selander. It updates RFC 7252. The canonical text is published by the RFC Editor.
Abstract
This document specifies enhancements to the Constrained Application Protocol (CoAP) that mitigate security issues in particular use cases. The Echo option enables a CoAP server to verify the freshness of a request or to force a client to demonstrate reachability at its claimed network address. The Request-Tag option allows the CoAP server to match block-wise message fragments belonging to the same request. This document updates RFC 7252 with respect to the following: processing requirements for client Tokens, forbidding non-secure reuse of Tokens to ensure response-to-request binding when CoAP is used with a security protocol, and amplification mitigation (where the use of the Echo option is now recommended).
What “Proposed Standard” means
An entry-level standards-track specification: stable, peer-reviewed and a solid basis for implementation, though it may still evolve before becoming an Internet Standard.
The canonical text of RFC 9175 is hosted at rfc-editor.org. Available in HTML,TXT,PDF,XML.
- RFC 9174 Delay-Tolerant Networking TCP Convergence-Layer Protocol Version 4
- RFC 9176 Constrained RESTful Environments Resource Directory
- RFC 9173 Default Security Contexts for Bundle Protocol Security
- RFC 9177 Constrained Application Protocol Block-Wise Transfer Options Supporting Robust Transmission
- RFC 9172 Bundle Protocol Security
- RFC 9178 Building Power-Efficient Constrained Application Protocol Devices for Cellular Networks
- RFC 9171 Bundle Protocol Version 7
- RFC 9179 A YANG Grouping for Geographic Locations