{
  "draft": "draft-ietf-core-echo-request-tag-14",
  "doc_id": "RFC9175",
  "title": "Constrained Application Protocol (CoAP): Echo, Request-Tag, and Token Processing",
  "authors": [
    "C. Ams\u00fcss",
    "J. Preu\u00df Mattsson",
    "G. Selander"
  ],
  "format": [
    "XML",
    "TEXT",
    "HTML",
    "PDF"
  ],
  "page_count": "27",
  "pub_status": "PROPOSED STANDARD",
  "status": "PROPOSED STANDARD",
  "source": "Constrained RESTful Environments",
  "abstract": "This document specifies enhancements to the Constrained Application Protocol (CoAP) that mitigate security issues in particular use cases.  The Echo option enables a CoAP server to verify the freshness of a request or to force a client to demonstrate reachability at its claimed network address.  The Request-Tag option allows the CoAP server to match block-wise message fragments belonging to the same request.  This document updates RFC 7252 with respect to the following: processing requirements for client Tokens, forbidding non-secure reuse of Tokens to ensure response-to-request binding when CoAP is used with a security protocol, and amplification mitigation (where the use of the Echo option is now recommended).",
  "pub_date": "February 2022",
  "keywords": [
    "OSCORE",
    "block-wise",
    "DTLS",
    "freshness",
    "delay",
    "denial-of-service",
    "amplification",
    "Message Body Integrity",
    "Concurrent Block-Wise",
    "Request-Response Binding",
    "Token Reuse"
  ],
  "obsoletes": [],
  "obsoleted_by": [],
  "updates": [
    "RFC7252"
  ],
  "updated_by": [],
  "see_also": [],
  "doi": "10.17487/RFC9175",
  "errata_url": null
}