A publish-subscribe architecture for the Constrained Application Protocol (CoAP)

	draft-ietf-core-coap-pubsub-15.txt
	Date:	21/10/2024
	Authors:	Jaime Jimenez, Michael Koster, Ari Keranen
	Working Group:	Constrained RESTful Environments (core)

This document describes a publish-subscribe architecture for the Constrained Application Protocol (CoAP), extending the capabilities of CoAP communications for supporting endpoints with long breaks in connectivity and/or up-time. CoAP clients publish on and subscribe to a topic via a corresponding topic resource at a CoAP server acting as broker.

CoAP Management Interface (CORECONF)

	draft-ietf-core-comi-19.txt
	Date:	03/11/2024
	Authors:	Michel Veillette, Peter van der Stok, Alexander Pelov, Andy Bierman, Carsten Bormann
	Working Group:	Constrained RESTful Environments (core)

This document describes a network management interface for constrained devices and networks, called CoAP Management Interface (CORECONF). The Constrained Application Protocol (CoAP) is used to access datastore and data node resources specified in YANG, or SMIv2 converted to YANG. CORECONF uses the YANG to CBOR mapping and converts YANG identifier strings to numeric identifiers for payload size reduction. CORECONF extends the set of YANG based protocols, NETCONF and RESTCONF, with the capability to manage constrained devices and networks.

Group Object Security for Constrained RESTful Environments (Group OSCORE)

	draft-ietf-core-oscore-groupcomm-23.txt
	Date:	26/09/2024
	Authors:	Marco Tiloca, Goeran Selander, Francesca Palombini, John Mattsson, Rikard Hoeglund
	Working Group:	Constrained RESTful Environments (core)

This document defines the security protocol Group Object Security for Constrained RESTful Environments (Group OSCORE), providing end-to-end security of CoAP messages exchanged between members of a group, e.g., sent over IP multicast. In particular, the described protocol defines how OSCORE is used in a group communication setting to provide source authentication for CoAP group requests, sent by a client to multiple servers, and for protection of the corresponding CoAP responses. Group OSCORE also defines a pairwise mode where each member of the group can efficiently derive a symmetric pairwise key with any other member of the group for pairwise OSCORE communication. Group OSCORE can be used between endpoints communicating with CoAP or CoAP-mappable HTTP.

Constrained Resource Identifiers

	draft-ietf-core-href-16.txt
	Date:	24/07/2024
	Authors:	Carsten Bormann, Henk Birkholz
	Working Group:	Constrained RESTful Environments (core)

The Constrained Resource Identifier (CRI) is a complement to the Uniform Resource Identifier (URI) that represents the URI components in Concise Binary Object Representation (CBOR) instead of in a sequence of characters. This simplifies parsing, comparison, and reference resolution in environments with severe limitations on processing power, code size, and memory size. This RFC updates RFC 7595 to add a note on how the URI Schemes registry RFC 7595 describes cooperates with the CRI Scheme Numbers registry created by the present RFC. // (This "cref" paragraph will be removed by the RFC editor:) The // present revision –16 of this draft continues -15 by picking up // more comments; it was made specifically for IETF 120. This // revision still contains open issues and is intended to serve as a // snapshot.

Group Communication for the Constrained Application Protocol (CoAP)

	draft-ietf-core-groupcomm-bis-12.txt
	Date:	21/10/2024
	Authors:	Esko Dijk, Chonggang Wang, Marco Tiloca
	Working Group:	Constrained RESTful Environments (core)

This document specifies the use of the Constrained Application Protocol (CoAP) for group communication, including the use of UDP/IP multicast as the default underlying data transport. Both unsecured and secured CoAP group communication are specified. Security is achieved by use of the Group Object Security for Constrained RESTful Environments (Group OSCORE) protocol. The target application area of this specification is any group communication use cases that involve resource-constrained devices or networks that support CoAP. This document replaces and obsoletes RFC 7390, while it updates RFC 7252 and RFC 7641.

Observe Notifications as CoAP Multicast Responses

	draft-ietf-core-observe-multicast-notifications-10.txt
	Date:	21/10/2024
	Authors:	Marco Tiloca, Rikard Hoeglund, Christian Amsuess, Francesca Palombini
	Working Group:	Constrained RESTful Environments (core)

The Constrained Application Protocol (CoAP) allows clients to "observe" resources at a server, and receive notifications as unicast responses upon changes of the resource state. In some use cases, such as based on publish-subscribe, it would be convenient for the server to send a single notification addressed to all the clients observing a same target resource. This document updates RFC7252 and RFC7641, and defines how a server sends observe notifications as response messages over multicast, synchronizing all the observers of a same resource on a same shared Token value. Besides, this document defines how Group OSCORE can be used to protect multicast notifications end-to-end between the server and the observer clients.

Conditional Attributes for Constrained RESTful Environments

	draft-ietf-core-conditional-attributes-10.txt
	Date:	10/12/2024
	Authors:	Bill Silverajan, Michael Koster, Alan Soloway
	Working Group:	Constrained RESTful Environments (core)

This specification defines Conditional Notification and Control Attributes that work with CoAP Observe (RFC7641).

Key Update for OSCORE (KUDOS)

	draft-ietf-core-oscore-key-update-09.txt
	Date:	21/10/2024
	Authors:	Rikard Hoeglund, Marco Tiloca
	Working Group:	Constrained RESTful Environments (core)

This document defines Key Update for OSCORE (KUDOS), a lightweight procedure that two CoAP endpoints can use to update their keying material by establishing a new OSCORE Security Context. Accordingly, it updates the use of the OSCORE flag bits in the CoAP OSCORE Option as well as the protection of CoAP response messages with OSCORE, and it deprecates the key update procedure specified in Appendix B.2 of RFC 8613. Thus, this document updates RFC 8613. Also, this document defines a procedure that two endpoints can use to update their OSCORE identifiers, run either stand-alone or during a KUDOS execution.

CoAP Transport Indication

	draft-ietf-core-transport-indication-07.txt
	Date:	21/10/2024
	Authors:	Christian Amsuess, Martine Lenders
	Working Group:	Constrained RESTful Environments (core)

The Constrained Application Protocol (CoAP, [RFC7252]) is available over different transports (UDP, DTLS, TCP, TLS, WebSockets), but lacks a way to unify these addresses. This document provides terminology and provisions based on Web Linking [RFC8288] and Service Bindings (SVCB, [RFC9460]) to express alternative transports available to a device, and to optimize exchanges using these.

DNS over CoAP (DoC)

	draft-ietf-core-dns-over-coap-09.txt
	Date:	21/10/2024
	Authors:	Martine Lenders, Christian Amsuess, Cenk Gundogan, Thomas Schmidt, Matthias Waehlisch
	Working Group:	Constrained RESTful Environments (core)

This document defines a protocol for sending DNS messages over the Constrained Application Protocol (CoAP). These CoAP messages are protected by DTLS-Secured CoAP (CoAPS) or Object Security for Constrained RESTful Environments (OSCORE) to provide encrypted DNS message exchange for constrained devices in the Internet of Things (IoT).

Key Usage Limits for OSCORE

	draft-ietf-core-oscore-key-limits-03.txt
	Date:	08/07/2024
	Authors:	Rikard Hoeglund, Marco Tiloca
	Working Group:	Constrained RESTful Environments (core)

Object Security for Constrained RESTful Environments (OSCORE) uses AEAD algorithms to ensure confidentiality and integrity of exchanged messages. Due to known issues allowing forgery attacks against AEAD algorithms, limits should be followed on the number of times a specific key is used for encryption or decryption. Among other reasons, approaching key usage limits requires updating the OSCORE keying material before communications can securely continue. This document defines how two OSCORE peers can follow these key usage limits and what steps they should take to preserve the security of their communications.

Constrained Application Protocol (CoAP) Performance Measurement Option

	draft-ietf-core-coap-pm-03.txt
	Date:	03/10/2024
	Authors:	Giuseppe Fioccola, Tianran Zhou, Massimo Nilo, Fabio Bulgarella
	Working Group:	Constrained RESTful Environments (core)

This document specifies a method for the Performance Measurement of the Constrained Application Protocol (CoAP). A new CoAP option is defined in order to enable network telemetry both end-to-end and hop- by-hop. The endpoints cooperate by marking and, possibly, mirroring information on the round-trip connection.

OSCORE-capable Proxies

	draft-ietf-core-oscore-capable-proxies-03.txt
	Date:	21/10/2024
	Authors:	Marco Tiloca, Rikard Hoeglund
	Working Group:	Constrained RESTful Environments (core)

Object Security for Constrained RESTful Environments (OSCORE) can be used to protect CoAP messages end-to-end between two endpoints at the application layer, also in the presence of intermediaries such as proxies. This document defines how to use OSCORE for protecting CoAP messages also between an origin application endpoint and an intermediary, or between two intermediaries. Also, it defines rules to escalate the protection of a CoAP option, in order to encrypt and integrity-protect it whenever possible. Finally, it defines how to secure a CoAP message by applying multiple, nested OSCORE protections, e.g., both end-to-end between origin application endpoints, and between an application endpoint and an intermediary or between two intermediaries. Therefore, this document updates RFC 8613. Furthermore, this document updates RFC 8768, by explicitly defining the processing with OSCORE for the CoAP option Hop-Limit. The approach defined in this document can be seamlessly used with Group OSCORE, for protecting CoAP messages when group communication is used in the presence of intermediaries.

Proxy Operations for CoAP Group Communication

	draft-ietf-core-groupcomm-proxy-03.txt
	Date:	21/10/2024
	Authors:	Marco Tiloca, Esko Dijk
	Working Group:	Constrained RESTful Environments (core)

This document specifies the operations performed by a proxy, when using the Constrained Application Protocol (CoAP) in group communication scenarios. Such a proxy processes a single request sent by a client over unicast, and distributes the request to a group of servers, e.g., over UDP/IP multicast as the defined default transport protocol. Then, the proxy collects the individual responses from those servers and relays those responses back to the client, in a way that allows the client to distinguish the responses and their origin servers through embedded addressing information. This document updates RFC7252 with respect to caching of response messages at proxies.

Identifier Update for OSCORE

	draft-ietf-core-oscore-id-update-01.txt
	Date:	08/07/2024
	Authors:	Rikard Hoeglund, Marco Tiloca
	Working Group:	Constrained RESTful Environments (core)

Two peers that communicate with the CoAP protocol can use the Object Security for Constrained RESTful Environments (OSCORE) protocol to protect their message exchanges end-to-end. To this end, the two peers share an OSCORE Security Context and a number of related identifiers. In particular, each of the two peers stores a Sender ID that identifies its own Sender Context within the Security Context, and a Recipient ID that identifies the Recipient Context associated with the other peer within the same Security Context. These identifiers are sent in plaintext within OSCORE-protected messages. Hence, they can be used to correlate messages exchanged between peers and track those peers, with consequent privacy implications. This document defines an OSCORE ID update procedure that two peers can use to update their OSCORE identifiers. This procedure can be run stand- alone or seamlessly integrated in an execution of the Key Update for OSCORE (KUDOS) procedure.

ALPN ID Specification for CoAP over DTLS

	draft-ietf-core-coap-dtls-alpn-01.txt
	Date:	16/12/2024
	Authors:	Martine Lenders, Christian Amsuess, Thomas Schmidt, Matthias Waehlisch
	Working Group:	Constrained RESTful Environments (core)

This document specifies an Application-Layer Protocol Negotiation (ALPN) ID for transport-layer-secured CoAP services.

Constrained Application Protocol (CoAP): Corrections and Clarifications

	draft-ietf-core-corr-clar-01.txt
	Date:	18/12/2024
	Authors:	Carsten Bormann
	Working Group:	Constrained RESTful Environments (core)

RFC 7252 defines the Constrained Application Protocol (CoAP), along with a number of additional specifications, including RFC 7641, RFC 7959, RFC 8132, and RFC 8323. RFC 6690 defines the link format that is used in CoAP self-description documents. Some parts of the specification may be unclear or even contain errors that may lead to misinterpretations that may impair interoperability between different implementations. The present document provides corrections, additions, and clarifications to the RFCs cited; this document thus updates these RFCs. In addition, other clarifications related to the use of CoAP in other specifications, including RFC 7390 and RFC 8075, are also provided.

Update to the IANA CoAP Content-Formats Registration Procedures

	draft-ietf-core-cf-reg-update-01.txt
	Date:	19/12/2024
	Authors:	Thomas Fossati, Esko Dijk
	Working Group:	Constrained RESTful Environments (core)

This document updates the registration procedures for the "CoAP Content-Formats" registry, within the "CoRE Parameters" registry group, defined in Section 12.3 of RFC7252, specifically, those regarding the First Come First Served (FCFS) portion of the registry.

Javascript disabled? Like other modern websites, the IETF Datatracker relies on Javascript. Please enable Javascript for full functionality.

Constrained RESTful Environments (core)

WG	Name	Constrained RESTful Environments
	Acronym	core
	Area	Web and Internet Transport (wit)
	State	Active
	Charter	charter-ietf-core-02 Approved
	Document dependencies	Document dependencies Loading... Pan and zoom the dependency graph after the layout settles. Show legend Loading...
	Additional resources	CoRE landing page GitHub Repository Zulip stream
Personnel	Chairs	Carsten Bormann, Jaime Jimenez, Marco Tiloca
	Area Director	Francesca Palombini
Mailing list	Address	core@ietf.org
	To subscribe	https://www.ietf.org/mailman/listinfo/core
	Archive	https://mailarchive.ietf.org/arch/browse/core/
Chat	Room address	https://zulip.ietf.org/#narrow/stream/core

Charter for Working Group

CoRE provides a framework for resource-oriented applications intended to
run on constrained IP networks. A constrained IP network has limited
packet sizes, may exhibit a high degree of packet loss, and may have a
substantial number of devices that may be powered off at any point in
time but periodically "wake up" for brief periods of time. These
networks and the nodes within them are characterized by severe limits on
throughput, available power, and particularly on the complexity that can
be supported with limited code size and limited RAM per node [RFC 7228].
More generally, we speak of constrained node networks whenever at least
some of the nodes and networks involved exhibit these characteristics.
Low-Power Wireless Personal Area Networks (LoWPANs) are an example of
this type of network. Constrained networks can occur as part of home and
building automation, energy management, and the Internet of Things.

The CoRE working group will define a framework for a limited class of
applications: those that deal with the manipulation of simple resources
on constrained networks. This includes applications to monitor simple
sensors (e.g. temperature sensors, light switches, and power meters), to
control actuators (e.g. light switches, heating controllers, and door
locks), and to manage devices.

The general architecture consists of nodes on the constrained network,
called Devices, that are responsible for one or more Resources that may
represent sensors, actuators, combinations of values, and/or other
information. Devices send messages to change and query resources on
other Devices. Devices can send notifications about changed resource
values to Devices that have expressed their interest to receive
notification about changes. A Device can also publish or be queried
about its resources. (Typically a single physical host on the network
would have just one Device but a host might represent multiple logical
Devices. The specific terminology to be used here is to be decided by
the working group.) As part of the framework for building these
applications, the working group has defined a Constrained Application
Protocol (CoAP) for the manipulation of Resources on a Device.

CoAP is designed for use between Devices on the same constrained
network, between Devices and general nodes on the Internet, and between
Devices on different constrained networks both joined by an internet.
(CoAP is also being used via other mechanisms, such as SMS on mobile
communication networks.) CoAP targets the type of operating
environments defined in the ROLL and 6Lo working groups which have
additional constraints compared to normal IP networks, but the CoAP
protocol also operates over traditional IP networks.

There also may be proxies that interconnect between other Internet
protocols and the Devices using the CoAP protocol. It is worth noting
that proxy does not have to occur at the boundary between the
constrained network and the more general network, but can be deployed at
various locations in the less-constrained network.

CoAP supports various forms of "caching". Beyond the benefits of
caching already well known from REST, caching can be used to increase
energy savings of low-power nodes by allowing them to be normally-off
[RFC 7228]. For example, a temperature sensor might wake up every five
minutes and send the current temperature to a proxy that has expressed
interest in notifications; when the proxy receives a request over CoAP
or HTTP for that temperature resource, it can respond with the last
notified value (instead of trying to query the Device which may not be
reachable at this time). The working group will continue to evolve this
model to increase its practical applicability.

The working group will perform maintenance on its first four
standards-track specifications:
- RFC 6690
- RFC 7252
- RFC 7641
- draft-ietf-core-block
and will continue to evolve the experimental group communications
support (RFC 7390). The working group will not develop a reliable
multicast solution.

CoAP today works over UDP and DTLS. The working group will define
transport mappings for alternative transports as required, both IP
(starting with TCP and a secure version over TLS) and non-IP (e.g., SMS,
working with the security area on potentially addressing the security gap); this
includes defining appropriate URI schemes. Continued compatibility with
CoAP over SMS as defined in OMA LWM2M will be considered.

CoRE will continue and complete its work on
draft-ietf-core-resource-directory, as already partially adopted by OMA
LWM2M. Interoperability with DNS-SD (and the work of the dnssd working
group) will be a primary consideration. The working group will also
work on a specification enabling broker-based publish-subscribe-style
communication over CoAP.

CoRE will work on related data formats, such as alternative
representations of RFC 6690 link format and RFC 7390 group communication
information. The working group will complete the SenML specification,
again with consideration to its adoption in OMA LWM2M.

RFC 7252 defines a basic HTTP mapping for CoAP, with further discussion
in draft-ietf-core-http-mapping. This mapping will be evolved and
supported by further documents.

Besides continuing to examine operational and manageability aspects of
the CoAP protocol itself, CoRE will also develop a way to make
RESTCONF-style management functions available via CoAP that is
appropriate for constrained node networks. This will require very close
coordination with NETCONF and other operations and management working
groups. YANG data models will be used for manageability. Note that
the YANG modeling language is not a target for change in
this process, though additional mechanisms that support YANG
modules may be employed in specific cases where significant
performance gains are both attainable and required. The working
group will continue to consider the OMA LWM2M management functions
as a well-accepted alternative form of management and provide
support at the CoAP protocol level where required.

The working group has selected DTLS as the basis for the communications
security in CoAP. CoRE will work with the TLS working group on the
efficiency of this solution. The preferred cipher suites will evolve in
cooperation with the TLS working group and CFRG. The ACE working group
is expected to provide solutions to authorization that may need
complementary elements on the CoRE side. Object security as defined in
JOSE and being adapted to the constrained node network requirements in
COSE also may need additions on the CoRE side.

The working group will coordinate on requirements from many
organizations and SDO. The working group will closely coordinate with
other IETF working groups, particularly of the constrained node networks
cluster (6Lo, 6TiSCH, LWIG, ROLL, ACE, COSE), and appropriate
groups in the IETF OPS and Security areas. Work on these subjects, as
well as on interaction models and design patterns (including follow-up
work around the CoRE Interfaces draft) may benefit from close
cooperation with the proposed Thing-to-Thing Research Group.

Milestones

Date	Milestone	Associated documents
Dec 2026	CoRE Interfaces submitted to IESG as Informational	draft-ietf-core-interfaces
Mar 2026	Constrained RESTful Application Language (CoRAL) submitted to IESG for PS	draft-ietf-core-coral
Nov 2025	Management over CoAP (YANG Library) submitted to IESG for PS	draft-ietf-core-yang-library
Nov 2025	Dynamic Resource Linking for Constrained RESTful Environments submitted to IESG as Informational	draft-ietf-core-dynlink
Mar 2025	Publish-subscribe architecture for CoAP submitted to IESG for PS	draft-ietf-core-coap-pubsub
Mar 2025	Management over CoAP (COMI) submitted to IESG for PS	draft-ietf-core-comi
Feb 2025	DNS over CoAP (DoC) submitted to IESG for PS	draft-ietf-core-dns-over-coap
Nov 2024	Conditional Attributes for Constrained RESTful Environments submitted to IESG for PS	draft-ietf-core-conditional-attributes
Nov 2024	Constrained Resource Identifiers submitted to IESG for PS	draft-ietf-core-href
Aug 2024	Secure group communication for CoAP submitted to IESG for PS	draft-ietf-core-oscore-groupcomm
Aug 2024	Group communication for CoAP bis submitted to IESG for PS	draft-ietf-core-groupcomm-bis

Done milestones

Date	Milestone	Associated documents
Done	Using EDHOC with CoAP and OSCORE submitted to IESG for PS	rfc9668 (was draft-ietf-core-oscore-edhoc)
Done	Creation of IANA registry for CoRE target attributes submitted to IESG as Informational RFC	rfc9423 (was draft-ietf-core-target-attr)
Done	Concise Problem Details For CoAP APIs submitted to IESG for PS
Done	CoRE Resource Directory submitted to IESG for PS
Done	Object Security for Constrained RESTful Environments (OSCORE)
Done	Media Types for Sensor Measurement Lists (SenML) submitted to IESG for PS
Done	CBOR Encoding of Data Modeled with YANG submitted to IESG for PS
Done	CoAP over TCP, TLS, and WebSockets submitted to IESG for PS
Done	Representing CoRE Link Collections in JSON submitted to IESG
Done	Patch and Fetch Methods for CoAP submitted to IESG for PS
Done	WG adoption for Management over CoAP
Done	Best Practices for HTTP-CoAP Mapping Implementation submitted to IESG
Done	Blockwise transfers in CoAP submitted to IESG

2 new milestones currently in Area Director review.