Constrained RESTful Environments (core) Internet Drafts

      
 A publish-subscribe architecture for the Constrained Application Protocol (CoAP)
 
 draft-ietf-core-coap-pubsub-14.txt
 Date: 18/04/2024
 Authors: Jaime Jimenez, Michael Koster, Ari Keranen
 Working Group: Constrained RESTful Environments (core)
 This document describes a publish-subscribe architecture for the Constrained Application Protocol (CoAP), extending the capabilities of CoAP communications for supporting endpoints with long breaks in connectivity and/or up-time. CoAP clients publish on and subscribe to a topic via a corresponding topic resource at a CoAP server acting as broker.
 YANG Schema Item iDentifier (YANG SID)
 
 draft-ietf-core-sid-24.txt
 Date: 22/12/2023
 Authors: Michel Veillette, Alexander Pelov, Ivaylo Petrov, Carsten Bormann, Michael Richardson
 Working Group: Constrained RESTful Environments (core)
 YANG Schema Item iDentifiers (YANG SID) are globally unique 63-bit unsigned integers used to identify YANG items, as a more compact method to identify YANG items that can be used for efficiency and in constrained environments (RFC 7228). This document defines the semantics, the registration, and assignment processes of YANG SIDs for IETF managed YANG modules. To enable the implementation of these processes, this document also defines a file format used to persist and publish assigned YANG SIDs. // The present version (–24) is intended to address the remaining // IESG comments.
 CoAP Management Interface (CORECONF)
 
 draft-ietf-core-comi-17.txt
 Date: 04/03/2024
 Authors: Michel Veillette, Peter van der Stok, Alexander Pelov, Andy Bierman, Carsten Bormann
 Working Group: Constrained RESTful Environments (core)
 This document describes a network management interface for constrained devices and networks, called CoAP Management Interface (CORECONF). The Constrained Application Protocol (CoAP) is used to access datastore and data node resources specified in YANG, or SMIv2 converted to YANG. CORECONF uses the YANG to CBOR mapping and converts YANG identifier strings to numeric identifiers for payload size reduction. CORECONF extends the set of YANG based protocols, NETCONF and RESTCONF, with the capability to manage constrained devices and networks.
 Group Object Security for Constrained RESTful Environments (Group OSCORE)
 
 draft-ietf-core-oscore-groupcomm-21.txt
 Date: 04/03/2024
 Authors: Marco Tiloca, Goeran Selander, Francesca Palombini, John Mattsson, Rikard Hoeglund
 Working Group: Constrained RESTful Environments (core)
 This document defines the security protocol Group Object Security for Constrained RESTful Environments (Group OSCORE), providing end-to-end security of CoAP messages exchanged between members of a group, e.g., sent over IP multicast. In particular, the described protocol defines how OSCORE is used in a group communication setting to provide source authentication for CoAP group requests, sent by a client to multiple servers, and for protection of the corresponding CoAP responses. Group OSCORE also defines a pairwise mode where each member of the group can efficiently derive a symmetric pairwise key with any other member of the group for pairwise OSCORE communication. Group OSCORE can be used between endpoints communicating with CoAP or CoAP-mappable HTTP.
 The Constrained RESTful Application Language (CoRAL)
 
 draft-ietf-core-coral-06.txt
 Date: 04/03/2024
 Authors: Christian Amsuess, Thomas Fossati
 Working Group: Constrained RESTful Environments (core)
 The Constrained RESTful Application Language (CoRAL) defines a data model and interaction model as well as a compact serialization formats for the description of typed connections between resources on the Web ("links"), possible operations on such resources ("forms"), and simple resource metadata.
 Constrained Resource Identifiers
 
 draft-ietf-core-href-15.txt
 Date: 21/04/2024
 Authors: Carsten Bormann, Henk Birkholz
 Working Group: Constrained RESTful Environments (core)
 The Constrained Resource Identifier (CRI) is a complement to the Uniform Resource Identifier (URI) that represents the URI components in Concise Binary Object Representation (CBOR) instead of in a sequence of characters. This simplifies parsing, comparison, and reference resolution in environments with severe limitations on processing power, code size, and memory size. // (This "cref" paragraph will be removed by the RFC editor:) The // present revision –15 of this draft continues -14 by picking up // more comments, such as moving to a CRI scheme number registration // system based on unsigned numbers. This revision still contains // open issues and is intended to serve as a snapshot.
 Group Communication for the Constrained Application Protocol (CoAP)
 
 draft-ietf-core-groupcomm-bis-10.txt
 Date: 23/10/2023
 Authors: Esko Dijk, Chonggang Wang, Marco Tiloca
 Working Group: Constrained RESTful Environments (core)
 This document specifies the use of the Constrained Application Protocol (CoAP) for group communication, including the use of UDP/IP multicast as the default underlying data transport. Both unsecured and secured CoAP group communication are specified. Security is achieved by use of the Group Object Security for Constrained RESTful Environments (Group OSCORE) protocol. The target application area of this specification is any group communication use cases that involve resource-constrained devices or networks that support CoAP. This document replaces and obsoletes RFC 7390, while it updates RFC 7252 and RFC 7641.
 Using Ephemeral Diffie-Hellman Over COSE (EDHOC) with the Constrained Application Protocol (CoAP) and Object Security for Constrained RESTful Environments (OSCORE)
 
 draft-ietf-core-oscore-edhoc-11.txt
 Date: 09/04/2024
 Authors: Francesca Palombini, Marco Tiloca, Rikard Hoeglund, Stefan Hristozov, Goeran Selander
 Working Group: Constrained RESTful Environments (core)
 The lightweight authenticated key exchange protocol Ephemeral Diffie- Hellman Over COSE (EDHOC) can be run over the Constrained Application Protocol (CoAP) and used by two peers to establish a Security Context for the security protocol Object Security for Constrained RESTful Environments (OSCORE). This document details this use of the EDHOC protocol, by specifying a number of additional and optional mechanisms. These especially include an optimization approach for combining the execution of EDHOC with the first OSCORE transaction. This combination reduces the number of round trips required to set up an OSCORE Security Context and to complete an OSCORE transaction using that Security Context.
 Observe Notifications as CoAP Multicast Responses
 
 draft-ietf-core-observe-multicast-notifications-08.txt
 Date: 04/03/2024
 Authors: Marco Tiloca, Rikard Hoeglund, Christian Amsuess, Francesca Palombini
 Working Group: Constrained RESTful Environments (core)
 The Constrained Application Protocol (CoAP) allows clients to "observe" resources at a server, and receive notifications as unicast responses upon changes of the resource state. In some use cases, such as based on publish-subscribe, it would be convenient for the server to send a single notification addressed to all the clients observing a same target resource. This document updates RFC7252 and RFC7641, and defines how a server sends observe notifications as response messages over multicast, synchronizing all the observers of a same resource on a same shared Token value. Besides, this document defines how Group OSCORE can be used to protect multicast notifications end-to-end between the server and the observer clients.
 Key Update for OSCORE (KUDOS)
 
 draft-ietf-core-oscore-key-update-07.txt
 Date: 04/03/2024
 Authors: Rikard Hoeglund, Marco Tiloca
 Working Group: Constrained RESTful Environments (core)
 This document defines Key Update for OSCORE (KUDOS), a lightweight procedure that two CoAP endpoints can use to update their keying material by establishing a new OSCORE Security Context. Accordingly, it updates the use of the OSCORE flag bits in the CoAP OSCORE Option as well as the protection of CoAP response messages with OSCORE, and it deprecates the key update procedure specified in Appendix B.2 of RFC 8613. Thus, this document updates RFC 8613. Also, this document defines a procedure that two endpoints can use to update their OSCORE identifiers, run either stand-alone or during a KUDOS execution.
 Attacks on the Constrained Application Protocol (CoAP)
 
 draft-ietf-core-attacks-on-coap-04.txt
 Date: 21/02/2024
 Authors: John Mattsson, John Fornehed, Goeran Selander, Francesca Palombini, Christian Amsuess
 Working Group: Constrained RESTful Environments (core)
 Being able to securely retrieve information from sensors and control actuators while providing guards against distributed denial-of- service (DDoS) attacks are key requirements for CoAP deployments. To that aim, a security protocol (e.g., DTLS, TLS, or OSCORE) can be enabled to ensure secure CoAP operation, including protection against many attacks. This document identifies a set of known CoAP attacks and shows that simply using CoAP with a security protocol is not always enough for secure operation. Several of the identified attacks can be mitigated with a security protocol providing confidentiality and integrity combined with the solutions specified in RFC 9175.
 CoAP Transport Indication
 
 draft-ietf-core-transport-indication-05.txt
 Date: 18/03/2024
 Authors: Christian Amsuess, Martine Lenders
 Working Group: Constrained RESTful Environments (core)
 The Constrained Application Protocol (CoAP, [RFC7252]) is available over different transports (UDP, DTLS, TCP, TLS, WebSockets), but lacks a way to unify these addresses. This document provides terminology and provisions based on Web Linking [RFC8288] to express alternative transports available to a device, and to optimize exchanges using these.
 DNS over CoAP (DoC)
 
 draft-ietf-core-dns-over-coap-06.txt
 Date: 04/03/2024
 Authors: Martine Lenders, Christian Amsuess, Cenk Gundogan, Thomas Schmidt, Matthias Waehlisch
 Working Group: Constrained RESTful Environments (core)
 This document defines a protocol for sending DNS messages over the Constrained Application Protocol (CoAP). These CoAP messages are protected by DTLS-Secured CoAP (CoAPS) or Object Security for Constrained RESTful Environments (OSCORE) to provide encrypted DNS message exchange for constrained devices in the Internet of Things (IoT).
 Key Usage Limits for OSCORE
 
 draft-ietf-core-oscore-key-limits-02.txt
 Date: 10/01/2024
 Authors: Rikard Hoeglund, Marco Tiloca
 Working Group: Constrained RESTful Environments (core)
 Object Security for Constrained RESTful Environments (OSCORE) uses AEAD algorithms to ensure confidentiality and integrity of exchanged messages. Due to known issues allowing forgery attacks against AEAD algorithms, limits should be followed on the number of times a specific key is used for encryption or decryption. Among other reasons, approaching key usage limits requires updating the OSCORE keying material before communications can securely continue. This document defines how two OSCORE peers can follow these key usage limits and what steps they should take to preserve the security of their communications.
 Constrained Application Protocol (CoAP) Performance Measurement Option
 
 draft-ietf-core-coap-pm-02.txt
 Date: 19/04/2024
 Authors: Giuseppe Fioccola, Tianran Zhou, Massimo Nilo, Fabrizio Milan, Fabio Bulgarella
 Working Group: Constrained RESTful Environments (core)
 This document specifies a method for the Performance Measurement of the Constrained Application Protocol (CoAP). A new CoAP option is defined in order to enable network telemetry both end-to-end and hop- by-hop. The endpoints cooperate by marking and, possibly, mirroring information on the round-trip connection.
 OSCORE-capable Proxies
 
 draft-ietf-core-oscore-capable-proxies-01.txt
 Date: 04/03/2024
 Authors: Marco Tiloca, Rikard Hoeglund
 Working Group: Constrained RESTful Environments (core)
 Object Security for Constrained RESTful Environments (OSCORE) can be used to protect CoAP messages end-to-end between two endpoints at the application layer, also in the presence of intermediaries such as proxies. This document defines how to use OSCORE for protecting CoAP messages also between an origin application endpoint and an intermediary, or between two intermediaries. Also, it defines rules to escalate the protection of a CoAP option, in order to encrypt and integrity-protect it whenever possible. Finally, it defines how to secure a CoAP message by applying multiple, nested OSCORE protections, e.g., both end-to-end between origin application endpoints, as well as between an application endpoint and an intermediary or between two intermediaries. Thus, this document updates RFC 8613. The same approach can be seamlessly used with Group OSCORE, for protecting CoAP messages when group communication is used in the presence of intermediaries.
 Proxy Operations for CoAP Group Communication
 
 draft-ietf-core-groupcomm-proxy-01.txt
 Date: 04/03/2024
 Authors: Marco Tiloca, Esko Dijk
 Working Group: Constrained RESTful Environments (core)
 This document specifies the operations performed by a proxy, when using the Constrained Application Protocol (CoAP) in group communication scenarios. Such a proxy processes a single request sent by a client over unicast, and distributes the request to a group of servers, e.g., over UDP/IP multicast as the defined default transport protocol. Then, the proxy collects the individual responses from those servers and relays those responses back to the client, in a way that allows the client to distinguish the responses and their origin servers through embedded addressing information. This document updates RFC7252 with respect to caching of response messages at proxies.
 Identifier Update for OSCORE
 
 draft-ietf-core-oscore-id-update-00.txt
 Date: 05/03/2024
 Authors: Rikard Hoeglund, Marco Tiloca
 Working Group: Constrained RESTful Environments (core)
 Two peers that communicate with the CoAP protocol can use the Object Security for Constrained RESTful Environments (OSCORE) protocol to protect their message exchanges end-to-end. To this end, the two peers share an OSCORE Security Context and a number of related identifiers. In particular, each of the two peers stores a Sender ID that identifies its own Sender Context within the Security Context, and a Recipient ID that identifies the Recipient Context associated with the other peer within the same Security Context. These identifiers are sent in plaintext within OSCORE-protected messages. Hence, they can be used to correlate messages exchanged between peers and track those peers, with consequent privacy implications. This document defines an OSCORE ID update procedure that two peers can use to update their OSCORE identifiers. This procedure can be run stand- alone or seamlessly integrated in an execution of the Key Update for OSCORE (KUDOS) procedure.

data-group-menu-data-url="/group/groupmenu.json">

Constrained RESTful Environments (core)

WG Name Constrained RESTful Environments
Acronym core
Area Web and Internet Transport (wit)
State Active
Charter charter-ietf-core-02 Approved
Document dependencies
Additional resources CoRE landing page
GitHub Repository
Zulip stream
Personnel Chairs Carsten Bormann, Jaime Jimenez, Marco Tiloca
Area Director Francesca Palombini
Mailing list Address core@ietf.org
To subscribe https://www.ietf.org/mailman/listinfo/core
Archive https://mailarchive.ietf.org/arch/browse/core/
Chat Room address https://zulip.ietf.org/#narrow/stream/core

Charter for Working Group

CoRE provides a framework for resource-oriented applications intended to
run on constrained IP networks. A constrained IP network has limited
packet sizes, may exhibit a high degree of packet loss, and may have a
substantial number of devices that may be powered off at any point in
time but periodically "wake up" for brief periods of time. These
networks and the nodes within them are characterized by severe limits on
throughput, available power, and particularly on the complexity that can
be supported with limited code size and limited RAM per node [RFC 7228].
More generally, we speak of constrained node networks whenever at least
some of the nodes and networks involved exhibit these characteristics.
Low-Power Wireless Personal Area Networks (LoWPANs) are an example of
this type of network. Constrained networks can occur as part of home and
building automation, energy management, and the Internet of Things.

The CoRE working group will define a framework for a limited class of
applications: those that deal with the manipulation of simple resources
on constrained networks. This includes applications to monitor simple
sensors (e.g. temperature sensors, light switches, and power meters), to
control actuators (e.g. light switches, heating controllers, and door
locks), and to manage devices.

The general architecture consists of nodes on the constrained network,
called Devices, that are responsible for one or more Resources that may
represent sensors, actuators, combinations of values, and/or other
information. Devices send messages to change and query resources on
other Devices. Devices can send notifications about changed resource
values to Devices that have expressed their interest to receive
notification about changes. A Device can also publish or be queried
about its resources. (Typically a single physical host on the network
would have just one Device but a host might represent multiple logical
Devices. The specific terminology to be used here is to be decided by
the working group.) As part of the framework for building these
applications, the working group has defined a Constrained Application
Protocol (CoAP) for the manipulation of Resources on a Device.

CoAP is designed for use between Devices on the same constrained
network, between Devices and general nodes on the Internet, and between
Devices on different constrained networks both joined by an internet.
(CoAP is also being used via other mechanisms, such as SMS on mobile
communication networks.) CoAP targets the type of operating
environments defined in the ROLL and 6Lo working groups which have
additional constraints compared to normal IP networks, but the CoAP
protocol also operates over traditional IP networks.

There also may be proxies that interconnect between other Internet
protocols and the Devices using the CoAP protocol. It is worth noting
that proxy does not have to occur at the boundary between the
constrained network and the more general network, but can be deployed at
various locations in the less-constrained network.

CoAP supports various forms of "caching". Beyond the benefits of
caching already well known from REST, caching can be used to increase
energy savings of low-power nodes by allowing them to be normally-off
[RFC 7228]. For example, a temperature sensor might wake up every five
minutes and send the current temperature to a proxy that has expressed
interest in notifications; when the proxy receives a request over CoAP
or HTTP for that temperature resource, it can respond with the last
notified value (instead of trying to query the Device which may not be
reachable at this time). The working group will continue to evolve this
model to increase its practical applicability.

The working group will perform maintenance on its first four
standards-track specifications:
- RFC 6690
- RFC 7252
- RFC 7641
- draft-ietf-core-block
and will continue to evolve the experimental group communications
support (RFC 7390). The working group will not develop a reliable
multicast solution.

CoAP today works over UDP and DTLS. The working group will define
transport mappings for alternative transports as required, both IP
(starting with TCP and a secure version over TLS) and non-IP (e.g., SMS,
working with the security area on potentially addressing the security gap); this
includes defining appropriate URI schemes. Continued compatibility with
CoAP over SMS as defined in OMA LWM2M will be considered.

CoRE will continue and complete its work on
draft-ietf-core-resource-directory, as already partially adopted by OMA
LWM2M. Interoperability with DNS-SD (and the work of the dnssd working
group) will be a primary consideration. The working group will also
work on a specification enabling broker-based publish-subscribe-style
communication over CoAP.

CoRE will work on related data formats, such as alternative
representations of RFC 6690 link format and RFC 7390 group communication
information. The working group will complete the SenML specification,
again with consideration to its adoption in OMA LWM2M.

RFC 7252 defines a basic HTTP mapping for CoAP, with further discussion
in draft-ietf-core-http-mapping. This mapping will be evolved and
supported by further documents.

Besides continuing to examine operational and manageability aspects of
the CoAP protocol itself, CoRE will also develop a way to make
RESTCONF-style management functions available via CoAP that is
appropriate for constrained node networks. This will require very close
coordination with NETCONF and other operations and management working
groups. YANG data models will be used for manageability. Note that
the YANG modeling language is not a target for change in
this process, though additional mechanisms that support YANG
modules may be employed in specific cases where significant
performance gains are both attainable and required. The working
group will continue to consider the OMA LWM2M management functions
as a well-accepted alternative form of management and provide
support at the CoAP protocol level where required.

The working group has selected DTLS as the basis for the communications
security in CoAP. CoRE will work with the TLS working group on the
efficiency of this solution. The preferred cipher suites will evolve in
cooperation with the TLS working group and CFRG. The ACE working group
is expected to provide solutions to authorization that may need
complementary elements on the CoRE side. Object security as defined in
JOSE and being adapted to the constrained node network requirements in
COSE also may need additions on the CoRE side.

The working group will coordinate on requirements from many
organizations and SDO. The working group will closely coordinate with
other IETF working groups, particularly of the constrained node networks
cluster (6Lo, 6TiSCH, LWIG, ROLL, ACE, COSE), and appropriate
groups in the IETF OPS and Security areas. Work on these subjects, as
well as on interaction models and design patterns (including follow-up
work around the CoRE Interfaces draft) may benefit from close
cooperation with the proposed Thing-to-Thing Research Group.

Milestones

Date Milestone Associated documents
Dec 2099 CoRE Interfaces submitted to IESG
Jun 2023 Dynamic Resource Linking for Constrained RESTful Environments submitted to IESG for PS
May 2023 Creation of IANA registry for CoRE target attributes submitted to IESG as Informational RFC draft-ietf-core-target-attr
May 2023 Using EDHOC with CoAP and OSCORE submitted to IESG for PS draft-ietf-core-oscore-edhoc
Mar 2023 Constrained RESTful Application Language (CoRAL) submitted to IESG for PS
Sep 2022 Conditional Attributes for Constrained RESTful Environments submitted to IESG for PS
Jun 2022 Constrained Resource Identifiers submitted to IESG for PS
Jun 2022 Group communication for CoAP bis submitted to IESG for PS
Jun 2022 Secure group communication for CoAP submitted to IESG for PS
Jun 2022 Management over CoAP submitted to IESG for PS

Done milestones

Date Milestone Associated documents
Done Concise Problem Details For CoAP APIs submitted to IESG for PS
Done CoRE Resource Directory submitted to IESG for PS
Done CBOR Encoding of Data Modeled with YANG submitted to IESG for PS
Done Object Security for Constrained RESTful Environments (OSCORE)
Done Media Types for Sensor Measurement Lists (SenML) submitted to IESG for PS
Done CoAP over TCP, TLS, and WebSockets submitted to IESG for PS
Done Patch and Fetch Methods for CoAP submitted to IESG for PS
Done Representing CoRE Link Collections in JSON submitted to IESG
Done WG adoption for Management over CoAP
Done Best Practices for HTTP-CoAP Mapping Implementation submitted to IESG
Done Blockwise transfers in CoAP submitted to IESG