{"draft":"draft-ietf-core-echo-request-tag-14","doc_id":"RFC9175","title":"Constrained Application Protocol (CoAP): Echo, Request-Tag, and Token Processing","authors":["C. Ams\u00fcss","J. Preu\u00df Mattsson","G. Selander"],"format":["HTML","TEXT","PDF","XML"],"page_count":"27","pub_status":"PROPOSED STANDARD","status":"PROPOSED STANDARD","source":"Constrained RESTful Environments","abstract":"This document specifies enhancements to the Constrained Application\r\nProtocol (CoAP) that mitigate security issues in particular use\r\ncases. The Echo option enables a CoAP server to verify the freshness\r\nof a request or to force a client to demonstrate reachability at its\r\nclaimed network address. The Request-Tag option allows the CoAP\r\nserver to match block-wise message fragments belonging to the same\r\nrequest. This document updates RFC 7252 with respect to the\r\nfollowing: processing requirements for client Tokens, forbidding\r\nnon-secure reuse of Tokens to ensure response-to-request binding when\r\nCoAP is used with a security protocol, and amplification mitigation\r\n(where the use of the Echo option is now recommended).","pub_date":"February 2022","keywords":["OSCORE","block-wise","DTLS","freshness","delay","denial-of-service","amplification","Message Body Integrity","Concurrent Block-Wise","Request-Response Binding","Token Reuse"],"obsoletes":[],"obsoleted_by":[],"updates":["RFC7252"],"updated_by":[],"see_also":[],"doi":"10.17487\/RFC9175","errata_url":null}