Additional Security Modes for CoAP

Document Type Expired Internet-Draft (individual)
Authors Ludwig Seitz  , Göran Selander 
Last updated 2014-04-24 (latest revision 2013-10-21)
Stream (None)
Intended RFC status (None)
Expired & archived
pdf htmlized bibtex
Stream Stream state (No stream defined)
Consensus Boilerplate Unknown
RFC Editor Note (None)
IESG IESG state Expired
Telechat date
Responsible AD (None)
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft can be found at


The CoAP draft defines how to use DTLS as security mechanism. In order to establish which nodes are trusted to initiate a DTLS session with a device, the following security modes are defined: NoSec, PreSharedKey, RawPublicKey, and Certificate. These modes require either to provision a list of keys of trusted clients, or to handle heavyweight certificates. This memo proposes two intermediate security modes involving a trusted third party that are very similar to PreSharedKey and RawPublicKey respectively, but which do not require out-of-band provisioning of client keys to the device.


Ludwig Seitz (
Göran Selander (

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)