Object Security of CoAP (OSCOAP)

Document Type Replaced Internet-Draft (individual)
Authors Göran Selander  , John Preuß Mattsson  , Francesca Palombini  , Ludwig Seitz 
Last updated 2016-10-11
Replaced by RFC 8613
Stream (None)
Intended RFC status (None)
Expired & archived
plain text xml htmlized pdfized bibtex
Stream Stream state (No stream defined)
Consensus Boilerplate Unknown
RFC Editor Note (None)
IESG IESG state Replaced by draft-ietf-core-object-security
Telechat date
Responsible AD (None)
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft can be found at


This memo defines Object Security of CoAP (OSCOAP), a method for application layer protection of message exchanges with the Constrained Application Protocol (CoAP), using the CBOR Object Signing and Encryption (COSE) format. OSCOAP provides end-to-end encryption, integrity and replay protection to CoAP payload, options, and header fields, as well as a secure binding between CoAP request and response messages. The use of OSCOAP is signaled with the CoAP option Object-Security, also defined in this memo.


Göran Selander (goran.selander@ericsson.com)
John Preuß Mattsson (john.mattsson@ericsson.com)
Francesca Palombini (francesca.palombini@ericsson.com)
Ludwig Seitz (ludwig@sics.se)

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)