]> TUD Dresden University of Technology

Helmholtzstr. 10 Dresden D-01069 Germany martine.lenders@tu-dresden.de

christian@amsuess.com

HAW Hamburg

Berliner Tor 7 Hamburg D-20099 Germany t.schmidt@haw-hamburg.de

TUD Dresden University of Technology & Barkhausen Institut

Helmholtzstr. 10 Dresden D-01069 Germany m.waehlisch@tu-dresden.de

WIT core CoRE CoAP SVCB DTLS ALPN This document specifies an Application-Layer Protocol Negotiation (ALPN) ID for Constrained Application Protocol (CoAP) services that are secured by DTLS.

Introduction Application-Layer Protocol Negotiation (ALPN) enables communicating parties to agree on an application-layer protocol during a Transport Layer Security (TLS) handshake using an ALPN ID . This ALPN ID can be discovered for services as part of Service Bindings (SVCBs) via the DNS, using SVCB resource records with the "alpn" Service Parameter Keys . As an example, applications that use the Constrained Application Protocol (CoAP) can obtain this information as part of the discovery of DNS over CoAP (DoC) servers (see ) that deploy TLS 1.3 as well as Datagram Transport Layer Security (DTLS) 1.2 or 1.3 to secure their messages. This document specifies an ALPN ID for CoAP services that are secured by DTLS. An ALPN ID for CoAP services secured by TLS has already been specified in .

Application-Layer Protocol Negotiation (ALPN) IDs For CoAP over TLS, an ALPN ID is defined as "coap" in . As it is not advisable to reuse the same ALPN ID for a different transport layer, an ALPN for CoAP over DTLS is registered in . ALPN ID values have variable length. For CoAP over DTLS, a short value ("co") is allocated, as this can avoid fragmentation of Client Hello and Server Hello messages in constrained networks with link-layer fragmentation, such as 6LoWPAN . To discover CoAP services that secure their messages with TLS or DTLS, the ALPN IDs "coap" and "co" can be used, respectively, in the same manner as for any other service secured with TLS, as described in . The discovery of CoAP services that rely on other security mechanisms is out of the scope of this document.

Security Considerations Any security considerations for ALPN (see ) and SVCB resource records (see ) also apply to this document.

IANA Considerations IANA has added the following entry to the "TLS Application-Layer Protocol Negotiation (ALPN) Protocol IDs" registry in the "Transport Layer Security (TLS) Extensions" registry group. TLS Application-Layer Protocol Negotiation (ALPN) Protocol IDs Registry

Protocol	Identification Sequence	Reference
CoAP (over DTLS)	0x63 0x6f ("co")	, RFC 9952

Note that does not define the use of the ALPN TLS extension during the DTLS connection handshake. This document does not change this behavior and thus does not establish any rules like those in .

References Normative References Informative References

Acknowledgments We would like to thank for the expert review on the "co" ALPN ID allocation. We would also like to thank and for their early reviews before WG adoption of this specification and , , and for their feedback and comments. This work was supported in parts by the German Federal Ministry of Research, Technology, and Space (BMFTR) under the grant numbers 16KIS1386K (TU Dresden) and 16KIS1387 (HAW Hamburg) within the research project PIVOT and under the grant numbers 16KIS1694K (TU Dresden) and 16KIS1695 (HAW Hamburg) within the research project C-ray4edge.