Technical Summary
This document specifies enhancements to the Constrained Application
Protocol (CoAP) that mitigate security issues in particular use
cases. The Echo option enables a CoAP server to verify the freshness
of a request or to force a client to demonstrate reachability at its
claimed network address. The Request-Tag option allows the CoAP
server to match block-wise message fragments belonging to the same
request. This document updates RFC 7252 with respect to the client
Token processing requirements, forbidding non-secure reuse of Tokens
to ensure binding of response to request when CoAP is used with
security, and with respect to amplification mitigation, where the use
of Echo is now recommended.
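
The Echo exchange described above, sketched from the server side as an added example (not code from the document or its authors): a request without a valid, recent Echo value is answered with 4.01 Unauthorized carrying a new value, and the client repeats the request with that value. The value layout (timestamp plus truncated HMAC over the timestamp and client address), the 30-second window and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import struct
import time

SERVER_KEY = os.urandom(32)   # per-boot secret; constructed for this example
MAX_AGE = 30.0                # freshness window in seconds (assumed policy)
TAG_LEN = 16                  # truncated HMAC-SHA256 tag length (assumed)


def make_echo(client_addr, now=None, key=SERVER_KEY):
    """Build an opaque Echo value: 8-byte timestamp || truncated MAC."""
    ts = struct.pack("!d", time.time() if now is None else now)
    tag = hmac.new(key, ts + client_addr.encode(), hashlib.sha256).digest()
    return ts + tag[:TAG_LEN]


def check_echo(echo, client_addr, now=None, key=SERVER_KEY):
    """Return 'ok', 'missing', 'forged' or 'stale' for a received Echo value."""
    if not echo:
        return "missing"
    if len(echo) != 8 + TAG_LEN:
        return "forged"
    ts, tag = echo[:8], echo[8:]
    # Binding the MAC to the source address means a value issued to one
    # address is rejected when presented from another (reachability check).
    expect = hmac.new(key, ts + client_addr.encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expect[:TAG_LEN]):
        return "forged"
    now = time.time() if now is None else now
    age = now - struct.unpack("!d", ts)[0]
    return "ok" if 0 <= age <= MAX_AGE else "stale"


def handle_request(echo, client_addr, now=None):
    """Server decision: act on the request, or challenge with a new Echo value."""
    if check_echo(echo, client_addr, now) == "ok":
        return ("2.04 Changed", None)
    # 4.01 Unauthorized carrying a fresh Echo value; the client repeats
    # the request with that value in its own Echo option.
    return ("4.01 Unauthorized", make_echo(client_addr, now))
```

Because the value is self-verifying, the server keeps no per-client state between the challenge and the repeated request.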
Working Group Summary / Document Quality
The document has been discussed in multiple IETF meetings, and has
gone through multiple expert reviews. Consensus has been reached on
the content of this document and its need.
Personnel
Document Shepherd: Marco Tiloca
Area Director: Francesca Palombini