CoRE Lei. Wang Internet-Draft Wendong. Wang Intended status: Informational BUPT Expires: January 3, 2013 Lei. Zhu Fang. Yu Huawei Technologies July 2, 2012 CoAP Option Extensions: Profile and Sec-flag draft-wang-core-profile-secflag-options-00 Abstract This memo adds two Options for the Constrained Application Protocol (CoAP): Profile and Sec-flag. The Profile Option is indicating the identification of an application using CoAP. The Sec-flag Option complements the security considerations of CoAP Status of this Memo This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet- Drafts is at http://datatracker.ietf.org/drafts/current/. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." This Internet-Draft will expire on January 3, 2013. Copyright Notice Copyright (c) 2012 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of Wang, et al. Expires January 3, 2013 [Page 1] Internet-Draft CoAP Profile and Sec-flag Options July 2012 the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License. This document may contain material from IETF Documents or IETF Contributions published or made publicly available before November 10, 2008. The person(s) controlling the copyright in some of this material may not have granted the IETF Trust the right to allow modifications of such material outside the IETF Standards Process. Without obtaining an adequate license from the person(s) controlling the copyright in such materials, this document may not be modified outside the IETF Standards Process, and derivative works of it may not be created outside the IETF Standards Process, except to format it for publication as an RFC or to translate it into languages other than English. Table of Contents 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 1.1. Terminology . . . . . . . . . . . . . . . . . . . . . . . . 3 2. Motivation . . . . . . . . . . . . . . . . . . . . . . . . . . 3 2.1. Profile Option Extension . . . . . . . . . . . . . . . . . 3 2.2. Sec-flag Option Extension . . . . . . . . . . . . . . . . . 4 3. Profile Option . . . . . . . . . . . . . . . . . . . . . . . . 4 3.1. Profile Option Definition . . . . . . . . . . . . . . . . . 4 4. Profile Option . . . . . . . . . . . . . . . . . . . . . . . . 5 4.1. Sec-flag Option Definition . . . . . . . . . . . . . . . . 5 5. Security Considerations . . . . . . . . . . . . . . . . . . . . 5 6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . . 5 7. References . . . . . . . . . . . . . . . . . . . . . . . . . . 6 7.1. Normative Reference . . . . . . . . . . . . . . . . . . . . 6 7.2. Informative References . . . . . . . . . . . . . . . . . . 6 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 6 Wang, et al. Expires January 3, 2013 [Page 2] Internet-Draft CoAP Profile and Sec-flag Options July 2012 1. Introduction CoAP is a specialized web transfer protocol for machine-to-machine applications such as smart energy and building automation using with constrained nodes and networks. This memo adds two new options for CoAP: Profile and Sec-flag. The main purpose of the Profile Option is indicating the identification of an application using CoAP, by reading this option some intermediaries (e.g. proxy) and transport networks could distinguish different applications and do some differentiated processing. The Sec-flag Option complements the security considerations, enabling NoSec pattern in a segment of the communication link path between the client and server, by taking care of only establishing and maintaining lower layer security instead of DTLS in these intermediate networks. 1.1. Terminology The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in [RFC2119]. 2. Motivation 2.1. Profile Option Extension CoAP is a light-weight web protocol and can be used in constrained devices, fulfilling machine-to-machine requirements. Because of its features, more and more M2M applications MAY adopt CoAP. CoAP applications SHOULD use an operator's network as the transport bearer. Different machine-to-machine applications MAY have different Quality of Service (QoS) requirements in terms of required bit rates as well as acceptable packet delays and packet loss rates. When application data is transmitted through the transport network, the network MAY need to identify different machine-to-machine services to do some differentiated processing, applying different control policies with subscriptions. Before applying control policies to applications, transport networks SHOULD identify them and distinguish each one from another referring to application identification, and then networks MAY apply different policies- treatment to different applications. Some intermediaries (e.g.CoAP proxy) MAY also would like to distinguish different applications and do some differentiated processing such as caching application data in different priorities. Wang, et al. Expires January 3, 2013 [Page 3] Internet-Draft CoAP Profile and Sec-flag Options July 2012 This memo describes the extensions to CoAP protocol and is to provide expanding proposal(s) to fulfill the motivations and requirements, defining an additional Option for the Constrained Application Protocol (CoAP): Profile. The Profile Option is defined as the identification of CoAP applications. When CoAP messages are transmitted through the transport network, network entities MAY use some technologies to read the option!_s Option Value to identify the application, then apply control policies with the subscription of application owner. 2.2. Sec-flag Option Extension The transmission path between the client and server MAY consist of several segments: Transport Network domain based on existing standards 3GPP, TISPAN, IETF,etc.,and M2M Area Network Domain based on existing standards and technologies like DLMS, CEN, CENELEC,PLT, Zigbee, M-BUS, KNX, etc. The application data MAY be transmitted through different networks between the client and server. The basic CoAP protocol defines the DTLS binding. DTLS overhead is expensive for some networks. Intermediate network domain MAY have some independent and reliable security standards (e.g. ZigBee standard). In some cases, CoAP could use these security standards instead of DTLS to avoid DTLS overhead in some intermediate networks. The Sec-flag Option can be used to indicate the security information and ensure the integrality of the security mechanism. 3. Profile Option 3.1. Profile Option Definition The Profile Option indicates the identification of CoAP applications. Transport network entities MAY use some technologies to read the Option Value and then apply corresponding policy control. This option is "elective" and the Option Number is even. It MUST NOT occur more than once. The detailed definitions and encoding SHOULD refer to the description of Option Format in [I-D.ietf-core-coap]. The SDNV[RFC5050] encoding can be used. Wang, et al. Expires January 3, 2013 [Page 4] Internet-Draft CoAP Profile and Sec-flag Options July 2012 +-----+----------+--------+-------------+---------+---------+ | No. | C/E | Name | Format | Length | Default | +-----+----------+--------+-------------+---------+---------+ | 2n | Elective |Profile |(see below) | 2B | (empty) | +-----+----------+--------+-------------+---------+---------+ 4. Profile Option The Sec-flag Option complements the security considerations, enabling NoSec pattern in one or more segments of the communication link path between the client and server. 4.1. Sec-flag Option Definition +-----+----------+--------+-------------+---------+---------+ | No. | C/E | Name | Format | Length | Default | +-----+----------+--------+-------------+---------+---------+ | 2n+1| Critical |Sec-flag|(see below) | 1B | (empty) | +-----+----------+--------+-------------+---------+---------+ The Sec-flag Option is used for indicating the lower layer security. This option is "critical" and the Option Number is odd. The detailed definitions and encoding SHOULD refer to the description of Option Format in [I-D.ietf-core-coap]. The value is made up of security indication. The SDNV[RFC5050] encoding can be used. 5. Security Considerations To be defined. 6. IANA Considerations The following entries are added to the CoAP Option Numbers registry: Wang, et al. Expires January 3, 2013 [Page 5] Internet-Draft CoAP Profile and Sec-flag Options July 2012 +---------+----------+-------------+ | Number | Name | Reference | +---------+----------+-------------+ | 2n | Profile | RFC XXXX | +---------+----------+-------------+ | 2n+1 | Sec-flag | RFC XXXX | +---------+----------+-------------+ 7. References 7.1. Normative Reference [I-D.ietf-core-coap] Shelby, Z., Hartke, K., Bormann, C., and B. Frank, "Constrained Application Protocol (CoAP)", draft-ietf-core-coap-10 (work in progress), June 2012. [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997. [RFC5050] Scott, K. and S. Burleigh, "Bundle Protocol Specification", RFC 5050, November 2007. 7.2. Informative References [I-D.fossati-core-publish-monitor-options] Fossati, T., Giacomin, P., and S. Loreto, "Publish and Monitor Options for CoAP", draft-fossati-core-publish-monitor-options-01 (work in progress), March 2012. Authors' Addresses Lei Wang Beijing University of Posts and Telecommunications Xitucheng road 10 Haidian District, Beijing 100876 P. R. China Email: wleiblue@163.com Wang, et al. Expires January 3, 2013 [Page 6] Internet-Draft CoAP Profile and Sec-flag Options July 2012 Wendong Wang Beijing University of Posts and Telecommunications Xitucheng road 10 Haidian District, Beijing 100876 P. R. China Email: wdwang@bupt.edu.cn Lei Zhu Huawei Technologies Huawei Building, Q20 No.156 Beiqing Rd.Z-park Haidian District, Beijing 100095 P. R. China Email: lei.zhu@huawei.com Fang Yu Huawei Technologies Huawei Building, Q20 No.156 Beiqing Rd.Z-park Haidian District, Beijing 100095 P. R. China Email: grace.yufang@huawei.com Wang, et al. Expires January 3, 2013 [Page 7]