%% You should probably cite rfc9175 instead of this I-D.
@techreport{ietf-core-echo-request-tag-10,
    number =    {draft-ietf-core-echo-request-tag-10},
    type =      {Internet-Draft},
    institution =   {Internet Engineering Task Force},
    publisher = {Internet Engineering Task Force},
    note =      {Work in Progress},
    url =       {https://datatracker.ietf.org/doc/draft-ietf-core-echo-request-tag/10/},
    author =    {Christian Amsüss and John Preuß Mattsson and Göran Selander},
    title =     {{CoAP: Echo, Request-Tag, and Token Processing}},
    pagetotal = 31,
    year =      2020,
    month =     jul,
    day =       13,
    abstract =  {This document specifies enhancements to the Constrained Application Protocol (CoAP) that mitigate security issues in particular use cases. The Echo option enables a CoAP server to verify the freshness of a request or to force a client to demonstrate reachability at its claimed network address. The Request-Tag option allows the CoAP server to match block-wise message fragments belonging to the same request. This document updates RFC7252 with respect to the client Token processing requirements, forbidding non-secure reuse of Tokens to ensure binding of response to request when CoAP is used with security, and with respect to amplification mitigation, where the use of Echo is now recommended.},
}