RFC 7252

Internet Engineering Task Force (IETF) Z. ShelbyRequest for Comments: 7252 ARMCategory: Standards Track K. HartkeISSN: 2070-1721 C. Bormann Universitaet Bremen TZI June 2014 The Constrained Application Protocol (CoAP)Abstract The Constrained Application Protocol (CoAP) is a specialized web transfer protocol for use with constrained nodes and constrained (e.g., low-power, lossy) networks. The nodes often have 8-bit microcontrollers with small amounts of ROM and RAM, while constrained networks such as IPv6 over Low-Power Wireless Personal Area Networks (6LoWPANs) often have high packet error rates and a typical throughput of 10s of kbit/s. The protocol is designed for machine- to-machine (M2M) applications such as smart energy and building automation. CoAP provides a request/response interaction model between application endpoints, supports built-in discovery of services and resources, and includes key concepts of the Web such as URIs and Internet media types. CoAP is designed to easily interface with HTTP for integration with the Web while meeting specialized requirements such as multicast support, very low overhead, and simplicity for constrained environments.Status of This Memo This is an Internet Standards Track document. This document is a product of the Internet Engineering Task Force (IETF). It represents the consensus of the IETF community. It has received public review and has been approved for publication by the Internet Engineering Steering Group (IESG). Further information on Internet Standards is available in Section 2 of RFC 5741. Information about the current status of this document, any errata, and how to provide feedback on it may be obtained at http://www.rfc-editor.org/info/rfc7252.Copyright Notice Copyright (c) 2014 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License.Table of Contents 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 5 1.1. Features . . . . . . . . . . . . . . . . . . . . . . . . 5 1.2. Terminology . . . . . . . . . . . . . . . . . . . . . . . 6 2. Constrained Application Protocol . . . . . . . . . . . . . . 10 2.1. Messaging Model . . . . . . . . . . . . . . . . . . . . . 11 2.2. Request/Response Model . . . . . . . . . . . . . . . . . 12 2.3. Intermediaries and Caching . . . . . . . . . . . . . . . 15 2.4. Resource Discovery . . . . . . . . . . . . . . . . . . . 15 3. Message Format . . . . . . . . . . . . . . . . . . . . . . . 15 3.1. Option Format . . . . . . . . . . . . . . . . . . . . . . 17 3.2. Option Value Formats . . . . . . . . . . . . . . . . . . 19 4. Message Transmission . . . . . . . . . . . . . . . . . . . . 20 4.1. Messages and Endpoints . . . . . . . . . . . . . . . . . 20 4.2. Messages Transmitted Reliably . . . . . . . . . . . . . . 21 4.3. Messages Transmitted without Reliability . . . . . . . . 23 4.4. Message Correlation . . . . . . . . . . . . . . . . . . . 24 4.5. Message Deduplication . . . . . . . . . . . . . . . . . . 24 4.6. Message Size . . . . . . . . . . . . . . . . . . . . . . 25 4.7. Congestion Control . . . . . . . . . . . . . . . . . . . 26 4.8. Transmission Parameters . . . . . . . . . . . . . . . . . 27 4.8.1. Changing the Parameters . . . . . . . . . . . . . . . 27 4.8.2. Time Values Derived from Transmission Parameters . . 28 5. Request/Response Semantics . . . . . . . . . . . . . . . . . 31 5.1. Requests . . . . . . . . . . . . . . . . . . . . . . . . 31 5.2. Responses . . . . . . . . . . . . . . . . . . . . . . . . 31 5.2.1. Piggybacked . . . . . . . . . . . . . . . . . . . . . 33 5.2.2. Separate . . . . . . . . . . . . . . . . . . . . . . 33 5.2.3. Non-confirmable . . . . . . . . . . . . . . . . . . . 34 5.3. Request/Response Matching . . . . . . . . . . . . . . . . 34 5.3.1. Token . . . . . . . . . . . . . . . . . . . . . . . . 34 5.3.2. Request/Response Matching Rules . . . . . . . . . . . 35 5.4. Options . . . . . . . . . . . . . . . . . . . . . . . . . 36 5.4.1. Critical/Elective . . . . . . . . . . . . . . . . . . 37 5.4.2. Proxy Unsafe or Safe-to-Forward and NoCacheKey . . . 38 5.4.3. Length . . . . . . . . . . . . . . . . . . . . . . . 38 5.4.4. Default Values . . . . . . . . . . . . . . . . . . . 38 5.4.5. Repeatable Options . . . . . . . . . . . . . . . . . 39 5.4.6. Option Numbers . . . . . . . . . . . . . . . . . . . 39 5.5. Payloads and Representations . . . . . . . . . . . . . . 40 5.5.1. Representation . . . . . . . . . . . . . . . . . . . 40 5.5.2. Diagnostic Payload . . . . . . . . . . . . . . . . . 41 5.5.3. Selected Representation . . . . . . . . . . . . . . . 41 5.5.4. Content Negotiation . . . . . . . . . . . . . . . . . 41 5.6. Caching . . . . . . . . . . . . . . . . . . . . . . . . . 42 5.6.1. Freshness Model . . . . . . . . . . . . . . . . . . . 43 5.6.2. Validation Model . . . . . . . . . . . . . . . . . . 43 5.7. Proxying . . . . . . . . . . . . . . . . . . . . . . . . 44 5.7.1. Proxy Operation . . . . . . . . . . . . . . . . . . . 44 5.7.2. Forward-Proxies . . . . . . . . . . . . . . . . . . . 46 5.7.3. Reverse-Proxies . . . . . . . . . . . . . . . . . . . 46 5.8. Method Definitions . . . . . . . . . . . . . . . . . . . 47 5.8.1. GET . . . . . . . . . . . . . . . . . . . . . . . . . 47 5.8.2. POST . . . . . . . . . . . . . . . . . . . . . . . . 47 5.8.3. PUT . . . . . . . . . . . . . . . . . . . . . . . . . 48 5.8.4. DELETE . . . . . . . . . . . . . . . . . . . . . . . 48 5.9. Response Code Definitions . . . . . . . . . . . . . . . . 48 5.9.1. Success 2.xx . . . . . . . . . . . . . . . . . . . . 48 5.9.2. Client Error 4.xx . . . . . . . . . . . . . . . . . . 50 5.9.3. Server Error 5.xx . . . . . . . . . . . . . . . . . . 51 5.10. Option Definitions . . . . . . . . . . . . . . . . . . . 52 5.10.1. Uri-Host, Uri-Port, Uri-Path, and Uri-Query . . . . 53 5.10.2. Proxy-Uri and Proxy-Scheme . . . . . . . . . . . . . 54 5.10.3. Content-Format . . . . . . . . . . . . . . . . . . . 55 5.10.4. Accept . . . . . . . . . . . . . . . . . . . . . . . 55 5.10.5. Max-Age . . . . . . . . . . . . . . . . . . . . . . 55 5.10.6. ETag . . . . . . . . . . . . . . . . . . . . . . . . 56 5.10.7. Location-Path and Location-Query . . . . . . . . . . 57 5.10.8. Conditional Request Options . . . . . . . . . . . . 57 5.10.9. Size1 Option . . . . . . . . . . . . . . . . . . . . 59 6. CoAP URIs . . . . . . . . . . . . . . . . . . . . . . . . . . 59 6.1. coap URI Scheme . . . . . . . . . . . . . . . . . . . . . 59 6.2. coaps URI Scheme . . . . . . . . . . . . . . . . . . . . 60 6.3. Normalization and Comparison Rules . . . . . . . . . . . 61 6.4. Decomposing URIs into Options . . . . . . . . . . . . . . 61 6.5. Composing URIs from Options . . . . . . . . . . . . . . . 62 7. Discovery . . . . . . . . . . . . . . . . . . . . . . . . . . 64 7.1. Service Discovery . . . . . . . . . . . . . . . . . . . . 64 7.2. Resource Discovery . . . . . . . . . . . . . . . . . . . 64 7.2.1. 'ct' Attribute . . . . . . . . . . . . . . . . . . . 64 8. Multicast CoAP . . . . . . . . . . . . . . . . . . . . . . . 65 8.1. Messaging Layer . . . . . . . . . . . . . . . . . . . . . 65 8.2. Request/Response Layer . . . . . . . . . . . . . . . . . 66 8.2.1. Caching . . . . . . . . . . . . . . . . . . . . . . . 67 8.2.2. Proxying . . . . . . . . . . . . . . . . . . . . . . 67 9. Securing CoAP . . . . . . . . . . . . . . . . . . . . . . . . 68 9.1. DTLS-Secured CoAP . . . . . . . . . . . . . . . . . . . . 69 9.1.1. Messaging Layer . . . . . . . . . . . . . . . . . . . 70 9.1.2. Request/Response Layer . . . . . . . . . . . . . . . 71 9.1.3. Endpoint Identity . . . . . . . . . . . . . . . . . . 71 10. Cross-Protocol Proxying between CoAP and HTTP . . . . . . . . 74 10.1. CoAP-HTTP Proxying . . . . . . . . . . . . . . . . . . . 75 10.1.1. GET . . . . . . . . . . . . . . . . . . . . . . . . 76 10.1.2. PUT . . . . . . . . . . . . . . . . . . . . . . . . 77 10.1.3. DELETE . . . . . . . . . . . . . . . . . . . . . . . 77 10.1.4. POST . . . . . . . . . . . . . . . . . . . . . . . . 77 10.2. HTTP-CoAP Proxying . . . . . . . . . . . . . . . . . . . 77 10.2.1. OPTIONS and TRACE . . . . . . . . . . . . . . . . . 78 10.2.2. GET . . . . . . . . . . . . . . . . . . . . . . . . 78 10.2.3. HEAD . . . . . . . . . . . . . . . . . . . . . . . . 79 10.2.4. POST . . . . . . . . . . . . . . . . . . . . . . . . 79 10.2.5. PUT . . . . . . . . . . . . . . . . . . . . . . . . 79 10.2.6. DELETE . . . . . . . . . . . . . . . . . . . . . . . 80 10.2.7. CONNECT . . . . . . . . . . . . . . . . . . . . . . 80 11. Security Considerations . . . . . . . . . . . . . . . . . . . 80 11.1. Parsing the Protocol and Processing URIs . . . . . . . . 80 11.2. Proxying and Caching . . . . . . . . . . . . . . . . . . 81 11.3. Risk of Amplification . . . . . . . . . . . . . . . . . 81 11.4. IP Address Spoofing Attacks . . . . . . . . . . . . . . 83 11.5. Cross-Protocol Attacks . . . . . . . . . . . . . . . . . 84 11.6. Constrained-Node Considerations . . . . . . . . . . . . 86 12. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 86 12.1. CoAP Code Registries . . . . . . . . . . . . . . . . . . 86 12.1.1. Method Codes . . . . . . . . . . . . . . . . . . . . 87 12.1.2. Response Codes . . . . . . . . . . . . . . . . . . . 88 12.2. CoAP Option Numbers Registry . . . . . . . . . . . . . . 89 12.3. CoAP Content-Formats Registry . . . . . . . . . . . . . 91 12.4. URI Scheme Registration . . . . . . . . . . . . . . . . 93 12.5. Secure URI Scheme Registration . . . . . . . . . . . . . 94 12.6. Service Name and Port Number Registration . . . . . . . 95 12.7. Secure Service Name and Port Number Registration . . . . 96 12.8. Multicast Address Registration . . . . . . . . . . . . . 97 13. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 97 14. References . . . . . . . . . . . . . . . . . . . . . . . . . 98 14.1. Normative References . . . . . . . . . . . . . . . . . . 98 14.2. Informative References . . . . . . . . . . . . . . . . . 100 Appendix A. Examples . . . . . . . . . . . . . . . . . . . . . . 104 Appendix B. URI Examples . . . . . . . . . . . . . . . . . . . . 110