%% You should probably cite rfc9175 instead of this I-D. @techreport{ietf-core-echo-request-tag-12, number = {draft-ietf-core-echo-request-tag-12}, type = {Internet-Draft}, institution = {Internet Engineering Task Force}, publisher = {Internet Engineering Task Force}, note = {Work in Progress}, url = {https://datatracker.ietf.org/doc/draft-ietf-core-echo-request-tag/12/}, author = {Christian Amsüss and John Preuß Mattsson and Göran Selander}, title = {{CoAP: Echo, Request-Tag, and Token Processing}}, pagetotal = 34, year = 2021, month = feb, day = 1, abstract = {This document specifies enhancements to the Constrained Application Protocol (CoAP) that mitigate security issues in particular use cases. The Echo option enables a CoAP server to verify the freshness of a request or to force a client to demonstrate reachability at its claimed network address. The Request-Tag option allows the CoAP server to match block-wise message fragments belonging to the same request. This document updates RFC7252 with respect to the client Token processing requirements, forbidding non-secure reuse of Tokens to ensure binding of response to request when CoAP is used with a security protocol, and with respect to amplification mitigation, where the use of Echo is now recommended.}, }