Authentication Service Based on the Extensible Authentication Protocol for Use with the Constrained Application Protocol
RFC 9820, “Authentication Service Based on the Extensible Authentication Protocol for Use with the Constrained Application Protocol”, is a Proposed Standard document published in September 2025 by R. Marin-Lopez, D. Garcia-Carrillo. The canonical text is published by the RFC Editor.
Abstract
This document specifies an authentication service that uses the Constrained Application Protocol (CoAP) as a transport method to carry the Extensible Authentication Protocol (EAP). As such, it defines an EAP lower layer based on CoAP called "CoAP-EAP". One of the main goals is to authenticate a CoAP-enabled Internet of Things (IoT) device (EAP peer) that intends to join a security domain managed by a Controller (EAP authenticator). Secondly, it allows deriving key material to protect CoAP messages exchanged between them based on Object Security for Constrained RESTful Environments (OSCORE), enabling the establishment of a security association between them.
What “Proposed Standard” means
An entry-level standards-track specification: stable, peer-reviewed and a solid basis for implementation, though it may still evolve before becoming an Internet Standard.
The canonical text of RFC 9820 is hosted at rfc-editor.org. Available in HTML,TXT,PDF,XML.
- RFC 9819 Argument Signaling for BGP Services in Segment Routing over IPv6
- RFC 9818 DHCPv6 Prefix Delegation on IPv6 Customer Edge Routers in LANs
- RFC 9817 Use Cases for In-Network Computing
- RFC 9816 Usage and Applicability of BGP Link State Shortest Path First Routing in Data Centers
- RFC 9824 Compact Denial of Existence in DNSSEC
- RFC 9815 BGP Link State Shortest Path First Routing
- RFC 9825 Extensions to OSPF for Advertising Prefix Administrative Tags
- RFC 9814 Use of the SLH-DSA Signature Algorithm in the Cryptographic Message Syntax