| rfc9952.original | rfc9952.txt | |||
|---|---|---|---|---|
| Constrained RESTful Environments M. S. Lenders | Internet Engineering Task Force (IETF) M. S. Lenders | |||
| Internet-Draft TU Dresden | Request for Comments: 9952 TU Dresden | |||
| Intended status: Informational C. Amsüss | Category: Informational C. Amsüss | |||
| Expires: 12 February 2026 | ISSN: 2070-1721 | |||
| T. C. Schmidt | T. C. Schmidt | |||
| HAW Hamburg | HAW Hamburg | |||
| M. Wählisch | M. Wählisch | |||
| TU Dresden & Barkhausen Institut | TU Dresden & Barkhausen Institut | |||
| 11 August 2025 | March 2026 | |||
| ALPN ID Specification for CoAP over DTLS | The Application-Layer Protocol Negotiation (ALPN) ID Specification for | |||
| draft-ietf-core-coap-dtls-alpn-05 | the Constrained Application Protocol (CoAP) over DTLS | |||
| Abstract | Abstract | |||
| This document specifies an Application-Layer Protocol Negotiation | This document specifies an Application-Layer Protocol Negotiation | |||
| (ALPN) ID for transport-layer-secured Constrained Application | (ALPN) ID for transport-layer-secured Constrained Application | |||
| Protocol (CoAP) services. | Protocol (CoAP) services. | |||
| About This Document | ||||
| This note is to be removed before publishing as an RFC. | ||||
| The latest revision of this draft can be found at https://core- | ||||
| wg.github.io/coap-dtls-alpn/draft-ietf-core-coap-dtls-alpn.html. | ||||
| Status information for this document may be found at | ||||
| https://datatracker.ietf.org/doc/draft-ietf-core-coap-dtls-alpn/. | ||||
| Discussion of this document takes place on the Constrained RESTful | ||||
| Environments Working Group mailing list (mailto:core@ietf.org), which | ||||
| is archived at https://mailarchive.ietf.org/arch/browse/core/. | ||||
| Subscribe at https://www.ietf.org/mailman/listinfo/core/. | ||||
| Source for this draft and an issue tracker can be found at | ||||
| https://github.com/core-wg/coap-dtls-alpn. | ||||
| Status of This Memo | Status of This Memo | |||
| This Internet-Draft is submitted in full conformance with the | This document is not an Internet Standards Track specification; it is | |||
| provisions of BCP 78 and BCP 79. | published for informational purposes. | |||
| Internet-Drafts are working documents of the Internet Engineering | ||||
| Task Force (IETF). Note that other groups may also distribute | ||||
| working documents as Internet-Drafts. The list of current Internet- | ||||
| Drafts is at https://datatracker.ietf.org/drafts/current/. | ||||
| Internet-Drafts are draft documents valid for a maximum of six months | This document is a product of the Internet Engineering Task Force | |||
| and may be updated, replaced, or obsoleted by other documents at any | (IETF). It represents the consensus of the IETF community. It has | |||
| time. It is inappropriate to use Internet-Drafts as reference | received public review and has been approved for publication by the | |||
| material or to cite them other than as "work in progress." | Internet Engineering Steering Group (IESG). Not all documents | |||
| approved by the IESG are candidates for any level of Internet | ||||
| Standard; see Section 2 of RFC 7841. | ||||
| This Internet-Draft will expire on 12 February 2026. | Information about the current status of this document, any errata, | |||
| and how to provide feedback on it may be obtained at | ||||
| https://www.rfc-editor.org/info/rfc9952. | ||||
| Copyright Notice | Copyright Notice | |||
| Copyright (c) 2025 IETF Trust and the persons identified as the | Copyright (c) 2026 IETF Trust and the persons identified as the | |||
| document authors. All rights reserved. | document authors. All rights reserved. | |||
| This document is subject to BCP 78 and the IETF Trust's Legal | This document is subject to BCP 78 and the IETF Trust's Legal | |||
| Provisions Relating to IETF Documents (https://trustee.ietf.org/ | Provisions Relating to IETF Documents | |||
| license-info) in effect on the date of publication of this document. | (https://trustee.ietf.org/license-info) in effect on the date of | |||
| Please review these documents carefully, as they describe your rights | publication of this document. Please review these documents | |||
| and restrictions with respect to this document. Code Components | carefully, as they describe your rights and restrictions with respect | |||
| extracted from this document must include Revised BSD License text as | to this document. Code Components extracted from this document must | |||
| described in Section 4.e of the Trust Legal Provisions and are | include Revised BSD License text as described in Section 4.e of the | |||
| provided without warranty as described in the Revised BSD License. | Trust Legal Provisions and are provided without warranty as described | |||
| in the Revised BSD License. | ||||
| Table of Contents | Table of Contents | |||
| 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 | 1. Introduction | |||
| 2. Application-Layer Protocol Negotiation (ALPN) IDs . . . . . . 3 | 2. Application-Layer Protocol Negotiation (ALPN) IDs | |||
| 3. Security Considerations . . . . . . . . . . . . . . . . . . . 3 | 3. Security Considerations | |||
| 4. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 3 | 4. IANA Considerations | |||
| 4.1. TLS ALPN for CoAP . . . . . . . . . . . . . . . . . . . . 3 | 5. References | |||
| 5. References . . . . . . . . . . . . . . . . . . . . . . . . . 4 | 5.1. Normative References | |||
| 5.1. Normative References . . . . . . . . . . . . . . . . . . 4 | 5.2. Informative References | |||
| 5.2. Informative References . . . . . . . . . . . . . . . . . 4 | Acknowledgments | |||
| Appendix A. Change Log . . . . . . . . . . . . . . . . . . . . . 5 | Authors' Addresses | |||
| A.1. Since draft-ietf-core-coap-dtls-alpn-04 . . . . . . . . . 5 | ||||
| A.2. Since draft-ietf-core-coap-dtls-alpn-03 . . . . . . . . . 5 | ||||
| A.3. Since draft-ietf-core-coap-dtls-alpn-02 . . . . . . . . . 5 | ||||
| A.4. Since draft-ietf-core-coap-dtls-alpn-01 . . . . . . . . . 5 | ||||
| A.5. Since draft-ietf-core-coap-dtls-alpn-00 . . . . . . . . . 6 | ||||
| Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . . . 6 | ||||
| Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 6 | ||||
| 1. Introduction | 1. Introduction | |||
| Application-Layer Protocol Negotiation (ALPN) enables communicating | Application-Layer Protocol Negotiation (ALPN) enables communicating | |||
| parties to agree on an application-layer protocol during a Transport | parties to agree on an application-layer protocol during a Transport | |||
| Layer Security (TLS) handshake using an ALPN ID [RFC7301]. This ALPN | Layer Security (TLS) handshake using an ALPN ID [RFC7301]. This ALPN | |||
| ID can be discovered for services as part of Service Bindings (SVCB) | ID can be discovered for services as part of Service Bindings (SVCBs) | |||
| via the DNS, using SVCB resource records with the "alpn" Service | via the DNS, using SVCB resource records with the "alpn" Service | |||
| Parameter Keys [RFC9460]. As an example, applications that use the | Parameter Keys [RFC9460]. As an example, applications that use the | |||
| Constrained Application Protocol (CoAP) [RFC7252] can obtain this | Constrained Application Protocol (CoAP) [RFC7252] can obtain this | |||
| information as part of the discovery of DNS over CoAP (DoC) servers | information as part of the discovery of DNS over CoAP (DoC) servers | |||
| (see Section 3.2 of [I-D.ietf-core-dns-over-coap]) that deploy TLS | (see Section 3.2 of [PRE-RFC9953]) that deploy TLS 1.3 [RFC8446] as | |||
| 1.3 [RFC8446] as well as Datagram Transport Layer Security (DTLS) 1.2 | well as Datagram Transport Layer Security (DTLS) 1.2 or 1.3 [RFC6347] | |||
| or 1.3 [RFC6347] [RFC9147] to secure their messages. This document | [RFC9147] to secure their messages. This document specifies an ALPN | |||
| specifies an ALPN ID for CoAP services that are secured by transport | ID for CoAP services that are secured by TLS using DTLS. An ALPN ID | |||
| layer security using DTLS. An ALPN ID for CoAP services secured by | for CoAP services secured by TLS has already been specified in | |||
| TLS has already been specified in [RFC8323]. | [RFC8323]. | |||
| 2. Application-Layer Protocol Negotiation (ALPN) IDs | 2. Application-Layer Protocol Negotiation (ALPN) IDs | |||
| For CoAP over TLS, an ALPN ID was defined as "coap" in [RFC8323]. As | For CoAP over TLS, an ALPN ID is defined as "coap" in [RFC8323]. As | |||
| it is not advisable to re-use the same ALPN ID for a different | it is not advisable to reuse the same ALPN ID for a different | |||
| transport layer, an ALPN for CoAP over DTLS is registered in | transport layer, an ALPN for CoAP over DTLS is registered in | |||
| Section 4.1. | Section 4. | |||
| ALPN ID values have variable length. For CoAP over DTLS, a short | ALPN ID values have variable length. For CoAP over DTLS, a short | |||
| value ("co") is allocated, as this can avoid fragmentation of Client | value ("co") is allocated, as this can avoid fragmentation of Client | |||
| Hello and Server Hello messages in constrained networks with link- | Hello and Server Hello messages in constrained networks with link- | |||
| layer fragmentation, such as 6LoWPAN [RFC4944]. | layer fragmentation, such as 6LoWPAN [RFC4944]. | |||
| To discover CoAP services that secure their messages with TLS or | To discover CoAP services that secure their messages with TLS or | |||
| DTLS, the ALPN IDs "coap" and "co" can be used, respectively, in the | DTLS, the ALPN IDs "coap" and "co" can be used, respectively, in the | |||
| same manner as for any other service secured with transport layer | same manner as for any other service secured with TLS, as described | |||
| security, as described in [RFC9460]. The discovery of CoAP services | in [RFC9460]. The discovery of CoAP services that rely on other | |||
| that rely on other security mechanisms is out of the scope of this | security mechanisms is out of the scope of this document. | |||
| document. | ||||
| 3. Security Considerations | 3. Security Considerations | |||
| Any security considerations on ALPN (see [RFC7301]) and SVCB resource | Any security considerations for ALPN (see [RFC7301]) and SVCB | |||
| records (see [RFC9460]) also apply to this document. | resource records (see [RFC9460]) also apply to this document. | |||
| 4. IANA Considerations | 4. IANA Considerations | |||
| // RFC Ed.: throughout this section, please replace RFC-XXXX with the | IANA has added the following entry to the "TLS Application-Layer | |||
| // RFC number of this specification and remove this note. | Protocol Negotiation (ALPN) Protocol IDs" registry in the "Transport | |||
| Layer Security (TLS) Extensions" registry group. | ||||
| This document has the following actions for IANA. | ||||
| 4.1. TLS ALPN for CoAP | ||||
| The following entry has been added to the "TLS Application-Layer | ||||
| Protocol Negotiation (ALPN) Protocol IDs" registry, which is part of | ||||
| the "Transport Layer Security (TLS) Extensions" registry group. | ||||
| * Protocol: CoAP (over DTLS) | +==================+=========================+=====================+ | |||
| * Identification sequence: 0x63 0x6f ("co") | | Protocol | Identification Sequence | Reference | | |||
| +==================+=========================+=====================+ | ||||
| | CoAP (over DTLS) | 0x63 0x6f ("co") | [RFC7252], RFC 9952 | | ||||
| +------------------+-------------------------+---------------------+ | ||||
| * Reference: [RFC7252] and [RFC-XXXX] | Table 1: TLS Application-Layer Protocol Negotiation (ALPN) | |||
| Protocol IDs Registry | ||||
| Note that [RFC7252] does not define the use of the ALPN TLS extension | Note that [RFC7252] does not define the use of the ALPN TLS extension | |||
| during the DTLS connection handshake. This document does not change | during the DTLS connection handshake. This document does not change | |||
| this behavior, and thus does not establish any rules like those in | this behavior and thus does not establish any rules like those in | |||
| Section 8.2 of [RFC8323]. | Section 8.2 of [RFC8323]. | |||
| 5. References | 5. References | |||
| 5.1. Normative References | 5.1. Normative References | |||
| [RFC6347] Rescorla, E. and N. Modadugu, "Datagram Transport Layer | [RFC6347] Rescorla, E. and N. Modadugu, "Datagram Transport Layer | |||
| Security Version 1.2", RFC 6347, DOI 10.17487/RFC6347, | Security Version 1.2", RFC 6347, DOI 10.17487/RFC6347, | |||
| January 2012, <https://www.rfc-editor.org/rfc/rfc6347>. | January 2012, <https://www.rfc-editor.org/info/rfc6347>. | |||
| [RFC7252] Shelby, Z., Hartke, K., and C. Bormann, "The Constrained | [RFC7252] Shelby, Z., Hartke, K., and C. Bormann, "The Constrained | |||
| Application Protocol (CoAP)", RFC 7252, | Application Protocol (CoAP)", RFC 7252, | |||
| DOI 10.17487/RFC7252, June 2014, | DOI 10.17487/RFC7252, June 2014, | |||
| <https://www.rfc-editor.org/rfc/rfc7252>. | <https://www.rfc-editor.org/info/rfc7252>. | |||
| [RFC7301] Friedl, S., Popov, A., Langley, A., and E. Stephan, | [RFC7301] Friedl, S., Popov, A., Langley, A., and E. Stephan, | |||
| "Transport Layer Security (TLS) Application-Layer Protocol | "Transport Layer Security (TLS) Application-Layer Protocol | |||
| Negotiation Extension", RFC 7301, DOI 10.17487/RFC7301, | Negotiation Extension", RFC 7301, DOI 10.17487/RFC7301, | |||
| July 2014, <https://www.rfc-editor.org/rfc/rfc7301>. | July 2014, <https://www.rfc-editor.org/info/rfc7301>. | |||
| [RFC9147] Rescorla, E., Tschofenig, H., and N. Modadugu, "The | [RFC9147] Rescorla, E., Tschofenig, H., and N. Modadugu, "The | |||
| Datagram Transport Layer Security (DTLS) Protocol Version | Datagram Transport Layer Security (DTLS) Protocol Version | |||
| 1.3", RFC 9147, DOI 10.17487/RFC9147, April 2022, | 1.3", RFC 9147, DOI 10.17487/RFC9147, April 2022, | |||
| <https://www.rfc-editor.org/rfc/rfc9147>. | <https://www.rfc-editor.org/info/rfc9147>. | |||
| [RFC9460] Schwartz, B., Bishop, M., and E. Nygren, "Service Binding | [RFC9460] Schwartz, B., Bishop, M., and E. Nygren, "Service Binding | |||
| and Parameter Specification via the DNS (SVCB and HTTPS | and Parameter Specification via the DNS (SVCB and HTTPS | |||
| Resource Records)", RFC 9460, DOI 10.17487/RFC9460, | Resource Records)", RFC 9460, DOI 10.17487/RFC9460, | |||
| November 2023, <https://www.rfc-editor.org/rfc/rfc9460>. | November 2023, <https://www.rfc-editor.org/info/rfc9460>. | |||
| 5.2. Informative References | 5.2. Informative References | |||
| [I-D.ietf-core-dns-over-coap] | [PRE-RFC9953] | |||
| Lenders, M. S., Amsüss, C., Gündoğan, C., Schmidt, T. C., | Lenders, M. S., Amsüss, C., Gündoğan, C., Schmidt, T. C., | |||
| and M. Wählisch, "DNS over CoAP (DoC)", Work in Progress, | and M. Wählisch, "DNS over the Constrained Application | |||
| Internet-Draft, draft-ietf-core-dns-over-coap-17, 24 July | Protocol (DoC)", RFC PRE-9953, DOI 10.17487/PRE-RFC9953, | |||
| 2025, <https://datatracker.ietf.org/doc/html/draft-ietf- | March 2026, <https://www.rfc-editor.org/info/rfc9953>. | |||
| core-dns-over-coap-17>. | ||||
| [RFC4944] Montenegro, G., Kushalnagar, N., Hui, J., and D. Culler, | [RFC4944] Montenegro, G., Kushalnagar, N., Hui, J., and D. Culler, | |||
| "Transmission of IPv6 Packets over IEEE 802.15.4 | "Transmission of IPv6 Packets over IEEE 802.15.4 | |||
| Networks", RFC 4944, DOI 10.17487/RFC4944, September 2007, | Networks", RFC 4944, DOI 10.17487/RFC4944, September 2007, | |||
| <https://www.rfc-editor.org/rfc/rfc4944>. | <https://www.rfc-editor.org/info/rfc4944>. | |||
| [RFC8323] Bormann, C., Lemay, S., Tschofenig, H., Hartke, K., | [RFC8323] Bormann, C., Lemay, S., Tschofenig, H., Hartke, K., | |||
| Silverajan, B., and B. Raymor, Ed., "CoAP (Constrained | Silverajan, B., and B. Raymor, Ed., "CoAP (Constrained | |||
| Application Protocol) over TCP, TLS, and WebSockets", | Application Protocol) over TCP, TLS, and WebSockets", | |||
| RFC 8323, DOI 10.17487/RFC8323, February 2018, | RFC 8323, DOI 10.17487/RFC8323, February 2018, | |||
| <https://www.rfc-editor.org/rfc/rfc8323>. | <https://www.rfc-editor.org/info/rfc8323>. | |||
| [RFC8446] Rescorla, E., "The Transport Layer Security (TLS) Protocol | [RFC8446] Rescorla, E., "The Transport Layer Security (TLS) Protocol | |||
| Version 1.3", RFC 8446, DOI 10.17487/RFC8446, August 2018, | Version 1.3", RFC 8446, DOI 10.17487/RFC8446, August 2018, | |||
| <https://www.rfc-editor.org/rfc/rfc8446>. | <https://www.rfc-editor.org/info/rfc8446>. | |||
| Appendix A. Change Log | ||||
| A.1. Since draft-ietf-core-coap-dtls-alpn-04 | ||||
| (https://datatracker.ietf.org/doc/draft-ietf-core-coap-dtls- | ||||
| alpn/04/) | ||||
| * Address Deb Cooley's IESG ballot COMMENT | ||||
| A.2. Since draft-ietf-core-coap-dtls-alpn-03 | ||||
| (https://datatracker.ietf.org/doc/draft-ietf-core-coap-dtls- | ||||
| alpn/03/) | ||||
| * Make DTLS references normative | ||||
| A.3. Since draft-ietf-core-coap-dtls-alpn-02 | ||||
| (https://datatracker.ietf.org/doc/draft-ietf-core-coap-dtls- | ||||
| alpn/02/) | ||||
| * Address shepherd review | ||||
| A.4. Since draft-ietf-core-coap-dtls-alpn-01 | ||||
| (https://datatracker.ietf.org/doc/draft-ietf-core-coap-dtls- | ||||
| alpn/01/) | ||||
| * Address review by Esko Dijk | ||||
| * Address review by Marco Tiloca | ||||
| A.5. Since draft-ietf-core-coap-dtls-alpn-00 | ||||
| (https://datatracker.ietf.org/doc/draft-ietf-core-coap-dtls- | ||||
| alpn/00/) | ||||
| * Fix ALPN ID for CoAP over TLS | ||||
| * Change intended status to Informational | ||||
| Acknowledgments | Acknowledgments | |||
| We like to thank Rich Salz for the expert review on the "co" ALPN ID | We would like to thank Rich Salz for the expert review on the "co" | |||
| allocation. We also like to thank Mohamed Boucadair and Ben Schwartz | ALPN ID allocation. We would also like to thank Mohamed Boucadair | |||
| for their early review before WG adoption of this draft and Esko | and Ben Schwartz for their early reviews before WG adoption of this | |||
| Dijk, Thomas Fossati, and Marco Tiloca for their feedback and | specification and Esko Dijk, Thomas Fossati, and Marco Tiloca for | |||
| comments. | their feedback and comments. | |||
| Authors' Addresses | Authors' Addresses | |||
| Martine Sophie Lenders | Martine Sophie Lenders | |||
| TUD Dresden University of Technology | TUD Dresden University of Technology | |||
| Helmholtzstr. 10 | Helmholtzstr. 10 | |||
| D-01069 Dresden | D-01069 Dresden | |||
| Germany | Germany | |||
| Email: martine.lenders@tu-dresden.de | Email: martine.lenders@tu-dresden.de | |||
| End of changes. 31 change blocks. | ||||
| 144 lines changed or deleted | 79 lines changed or added | |||
This html diff was produced by rfcdiff 1.48. | ||||