Constrained RESTful Environments
Intended Status: Standards Track
M. S. Lenders
TU Dresden
C. Amsüss
T. C. Schmidt
HAW Hamburg
M. Wählisch
TU Dresden & Barkhausen Institut

Service Binding and Parameter Specification for CoAP over (D)TLS


This document specifies the usage of Service Parameters as used in SVCB ("Service Binding") DNS resource records for the discovery of transport-layer-secured CoAP services.

1. Introduction

[RFC9460] specifies the "SVCB" ("Service Binding") DNS resource records for looking up communication endpoints of a service. Service Parameters (SvcParams) are used to carry that information. This document specifies which information from SvcParams can be used with CoAP services that are secured by transport security, namely TLS and DTLS. As an example, this information can be obtained as part of the discovery of DNS over CoAP (DoC) servers (see [I-D.ietf-core-dns-over-coap]) that deploy TLS or DTLS to secure their messages.

2. Terminology

SvcParams denotes the field in either DNS SVCB/HTTPS records as defined in [RFC9460], or DHCP and RA messages as defined in [RFC9463].

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all capitals, as shown here.

3. Application-Layer Protocol Negotiation (ALPN) IDs

[RFC9460] defines the "alpn" key, which is used to identify the service binding to a protocol suite using its Application-Layer Protocol Negotiation (ALPN) ID [RFC7301]. For CoAP over TLS, an ALPN ID was defined in [RFC8323]. As it is not advisable to re-use the same ALPN ID for a different transport layer, an ALPN ID for CoAP over DTLS is also registered in Section 5. To discover CoAP services that secure their messages with TLS or DTLS, these ALPN IDs can be used in the same manner as for any other service secured with transport layer security, as described in [RFC9460]. Other authentication mechanisms are currently out of scope.

4. Security Considerations

Any security considerations on SVCB resource records (see [RFC9460]) also apply to this document.

5. IANA Considerations

5.1. TLS ALPN for CoAP

The following entry has been added to the "TLS Application-Layer Protocol Negotiation (ALPN) Protocol IDs" registry, which is part of the "Transport Layer Security (TLS) Extensions" group.

  • Protocol: CoAP (over DTLS)

  • Identification sequence: 0x63 0x6f ("co")

  • Reference: [RFC7252] and [this document]

Note that [RFC7252] does not define the use of the ALPN TLS extension during the DTLS handshake. This document does not change that, and thus does not establish any rules like those in Section 8.2 of [RFC8323].

