Session Date/Time: 22 Jul 2025 12:30
core
Summary
This CoRE working group meeting at IETF 113 covered a wide range of topics, including updates on several drafts, adoption calls, security considerations, and future work. Discussions focused on URI handling, transport indication, OSCORE key updates and identifier changes, multicast notifications, and a new individual submission for encrypting partial IVs. The group also considered using CoAP for automation work in the Anima working group.
Key Discussion Points
- Uri-Host Option and DTLS: Discussion revolved around updating RFC 7252 regarding the Uri-Host option's default value in DTLS, potentially tying it to DTLS 1.3. Concerns were raised about backward compatibility and the need to determine the impact on existing deployments. Implementations might be ignoring the Uri-Host option entirely.
- Constrained Resource Identifiers (CRIs): The ongoing IESG evaluation of the HREF draft revealed editorial challenges in translating between CoAP options and CRIs, particularly regarding the request destination address. The working group reaffirmed its consensus on handling zone identifiers in CRIs, deciding not to define a conversion from a CRI containing a zone ID to a URI.
- Discovery of Network-designated OSCORE-based Resolvers (CoRE DNR): The group discussed the overlap between the CoRE DNR draft and the transport indication draft, particularly regarding ad-hoc security context discovery. A decision was made to discontinue work on the CoRE DNR draft and focus on transport indication, where most of its functionality could be incorporated.
- CoAP Transport Indication: Modeling efforts were presented, focusing on letting clients obtain resources based on a URI without altering the URI for different schemes. The discussion included the use of Web Links and DNS service records for advertising supported transports (ALPNs) and security contexts (CRED service parameter).
- OSCORE Key Update (KUDOS): Updates to the KUDOS draft were presented, including improvements to security considerations, updates to IANA considerations, and an optimization to the state machine to avoid unnecessary key derivations.
- OSCORE Identifier Update: The group discussed a method for updating OSCORE identifiers (sender and recipient IDs) to mitigate privacy issues. The design was updated to be more aligned with the KUDOS state machine. The main use case for this feature now centers on what happens after switching networks.
- Observed Multicast Notifications: Discussion addressed changes made in light of the work on transport indication. The new structure for providing transport information about where notifications will be sent was specified. A plan was also solidified to move the proxy information to another document.
- Cacheable OSCORE: Christian presented the latest updates on the Cacheable OSCORE draft, including implications of running OSCORE without source authentication and how to derive key material for multiple parties to encrypt a request.
- CoAP over Bundle Protocol (CoAP over BP): An update on the CoAP over BP draft was presented, including the payload length option for message aggregation and an implementation status report. The draft author asked for working group adoption.
- Encrypting Partial IV in OSCORE Option: A new individual submission was presented proposing a method for encrypting the partial IV in the OSCORE option to prevent tracking attacks. The approach involves deriving an additional key and using a simple cipher (AES-ECB) to encrypt a sample of the payload.
- Using CoAP in Anima/GRASP: An overview of the GRASP protocol was given, with the intent of seeing how the Anima working group could use CoAP in its future work.
Decisions and Action Items
- Decision: Discontinue work on the CoRE DNR draft. Focus efforts on the Transport Indication draft.
- Action Item: Provide any remaining comments on CoRE DNR to the mailing list.
- Decision: Start call for adoption for draft-gomez-core-coap-bp as a working group document.
Next Steps
- Continue discussions on the Uri-Host option and DTLS on issue 49 in the corrections and clarifications document.
- Continue discussion on CoAP use in Anima on the mailing list and consider presenting a more extensive plan at an interim meeting.
- Address open points in various drafts based on feedback received during the meeting, especially regarding potential privacy issues where CoAP could be used for tracking.
- Implement and align OSCORE key update designs.
- Add examples, including failure cases, to the OSCORE Identifier Update draft.
- Prepare a pull request for the observed multicast notifications document to move all content related to a setup with proxies to an external document.
- Get more security reviews for the Cacheable OSCORE draft.