I-D Action: draft-ietf-core-attacks-on-coap-01.txt
internet-drafts@ietf.org Thu, 10 November 2022 10:53 UTC
Return-Path: <internet-drafts@ietf.org>
X-Original-To: i-d-announce@ietf.org
Delivered-To: i-d-announce@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 0314FC14CF12; Thu, 10 Nov 2022 02:53:18 -0800 (PST)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit
From: internet-drafts@ietf.org
To: i-d-announce@ietf.org
Cc: core@ietf.org
Subject: I-D Action: draft-ietf-core-attacks-on-coap-01.txt
X-Test-IDTracker: no
X-IETF-IDTracker: 8.20.1
Auto-Submitted: auto-generated
Precedence: bulk
Reply-To: core@ietf.org
Message-ID: <166807759799.8377.8307043275662656195@ietfa.amsl.com>
Date: Thu, 10 Nov 2022 02:53:18 -0800
Archived-At: <https://mailarchive.ietf.org/arch/msg/i-d-announce/uaMeccX8ja3NlMTfoqIsRYgvlC0>
X-BeenThere: i-d-announce@ietf.org
X-Mailman-Version: 2.1.39
List-Id: Internet Draft Announcements only <i-d-announce.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/i-d-announce>, <mailto:i-d-announce-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/i-d-announce/>
List-Post: <mailto:i-d-announce@ietf.org>
List-Help: <mailto:i-d-announce-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/i-d-announce>, <mailto:i-d-announce-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 10 Nov 2022 10:53:18 -0000
A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the Constrained RESTful Environments WG of the IETF. Title : Attacks on the Constrained Application Protocol (CoAP) Authors : John Preuß Mattsson John Fornehed Göran Selander Francesca Palombini Christian Amsüss Filename : draft-ietf-core-attacks-on-coap-01.txt Pages : 19 Date : 2022-11-10 Abstract: Being able to securely read information from sensors, to securely control actuators, and to not enable distributed denial-of-service attacks are essential in a world of connected and networking things interacting with the physical world. Using a security protocol such as DTLS, TLS, or OSCORE to protect CoAP is a requirement for secure operation and protects against many attacks. This document summarizes a number of known attacks on CoAP deployments and show that just using CoAP with a security protocol like DTLS, TLS, or OSCORE is not enough for secure operation. Several of the discussed attacks can be mitigated with the solutions in RFC 9175. The IETF datatracker status page for this draft is: https://datatracker.ietf.org/doc/draft-ietf-core-attacks-on-coap/ There is also an HTML version available at: https://www.ietf.org/archive/id/draft-ietf-core-attacks-on-coap-01.html A diff from the previous version is available at: https://www.ietf.org/rfcdiff?url2=draft-ietf-core-attacks-on-coap-01 Internet-Drafts are also available by rsync at rsync.ietf.org::internet-drafts
- I-D Action: draft-ietf-core-attacks-on-coap-01.txt internet-drafts