draft-ietf-ace-usecases-09.txt   draft-ietf-ace-usecases-10.txt 
ACE Working Group L. Seitz, Ed. ACE Working Group L. Seitz, Ed.
Internet-Draft SICS Swedish ICT AB Internet-Draft SICS Swedish ICT AB
Intended status: Informational S. Gerdes, Ed. Intended status: Informational S. Gerdes, Ed.
Expires: April 9, 2016 Universitaet Bremen TZI Expires: April 25, 2016 Universitaet Bremen TZI
G. Selander G. Selander
Ericsson Ericsson
M. Mani M. Mani
Itron Itron
S. Kumar S. Kumar
Philips Research Philips Research
October 07, 2015 October 23, 2015
ACE use cases Use Cases for Authentication and Authorization in Constrained
draft-ietf-ace-usecases-09 Environments
draft-ietf-ace-usecases-10
Abstract Abstract
Constrained devices are nodes with limited processing power, storage Constrained devices are nodes with limited processing power, storage
space and transmission capacities. These devices in many cases do space and transmission capacities. These devices in many cases do
not provide user interfaces and are often intended to interact not provide user interfaces and are often intended to interact
without human intervention. without human intervention.
This document includes a collection of representative use cases for This document includes a collection of representative use cases for
authentication and authorization in constrained environments. These authentication and authorization in constrained environments. These
skipping to change at page 2, line 4 skipping to change at page 2, line 9
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/. Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on April 9, 2016.
This Internet-Draft will expire on April 25, 2016.
Copyright Notice Copyright Notice
Copyright (c) 2015 IETF Trust and the persons identified as the Copyright (c) 2015 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
skipping to change at page 2, line 41 skipping to change at page 2, line 47
2.2.2. Seamless Authorization . . . . . . . . . . . . . . . 7 2.2.2. Seamless Authorization . . . . . . . . . . . . . . . 7
2.2.3. Remotely letting in a visitor . . . . . . . . . . . . 8 2.2.3. Remotely letting in a visitor . . . . . . . . . . . . 8
2.2.4. Selling the house . . . . . . . . . . . . . . . . . . 8 2.2.4. Selling the house . . . . . . . . . . . . . . . . . . 8
2.2.5. Authorization Problems Summary . . . . . . . . . . . 8 2.2.5. Authorization Problems Summary . . . . . . . . . . . 8
2.3. Personal Health Monitoring . . . . . . . . . . . . . . . 9 2.3. Personal Health Monitoring . . . . . . . . . . . . . . . 9
2.3.1. John and the heart rate monitor . . . . . . . . . . . 10 2.3.1. John and the heart rate monitor . . . . . . . . . . . 10
2.3.2. Authorization Problems Summary . . . . . . . . . . . 11 2.3.2. Authorization Problems Summary . . . . . . . . . . . 11
2.4. Building Automation . . . . . . . . . . . . . . . . . . . 12 2.4. Building Automation . . . . . . . . . . . . . . . . . . . 12
2.4.1. Device Lifecycle . . . . . . . . . . . . . . . . . . 12 2.4.1. Device Lifecycle . . . . . . . . . . . . . . . . . . 12
2.4.2. Public Safety . . . . . . . . . . . . . . . . . . . . 16 2.4.2. Public Safety . . . . . . . . . . . . . . . . . . . . 16
2.4.3. Authorization Problems Summary . . . . . . . . . . . 17 2.4.3. Authorization Problems Summary . . . . . . . . . . . 16
2.5. Smart Metering . . . . . . . . . . . . . . . . . . . . . 18 2.5. Smart Metering . . . . . . . . . . . . . . . . . . . . . 18
2.5.1. Drive-by metering . . . . . . . . . . . . . . . . . . 18 2.5.1. Drive-by metering . . . . . . . . . . . . . . . . . . 18
2.5.2. Meshed Topology . . . . . . . . . . . . . . . . . . . 19 2.5.2. Meshed Topology . . . . . . . . . . . . . . . . . . . 19
2.5.3. Advanced Metering Infrastructure . . . . . . . . . . 19 2.5.3. Advanced Metering Infrastructure . . . . . . . . . . 19
2.5.4. Authorization Problems Summary . . . . . . . . . . . 20 2.5.4. Authorization Problems Summary . . . . . . . . . . . 19
2.6. Sports and Entertainment . . . . . . . . . . . . . . . . 20 2.6. Sports and Entertainment . . . . . . . . . . . . . . . . 20
2.6.1. Dynamically Connecting Smart Sports Equipment . . . . 21 2.6.1. Dynamically Connecting Smart Sports Equipment . . . . 21
2.6.2. Authorization Problems Summary . . . . . . . . . . . 21 2.6.2. Authorization Problems Summary . . . . . . . . . . . 21
2.7. Industrial Control Systems . . . . . . . . . . . . . . . 22 2.7. Industrial Control Systems . . . . . . . . . . . . . . . 22
2.7.1. Oil Platform Control . . . . . . . . . . . . . . . . 22 2.7.1. Oil Platform Control . . . . . . . . . . . . . . . . 22
2.7.2. Authorization Problems Summary . . . . . . . . . . . 23 2.7.2. Authorization Problems Summary . . . . . . . . . . . 23
3. Security Considerations . . . . . . . . . . . . . . . . . . . 23 3. Security Considerations . . . . . . . . . . . . . . . . . . . 23
3.1. Attacks . . . . . . . . . . . . . . . . . . . . . . . . . 24 3.1. Attacks . . . . . . . . . . . . . . . . . . . . . . . . . 24
3.2. Configuration of Access Permissions . . . . . . . . . . . 25 3.2. Configuration of Access Permissions . . . . . . . . . . . 25
3.3. Authorization Considerations . . . . . . . . . . . . . . 25 3.3. Authorization Considerations . . . . . . . . . . . . . . 25
3.4. Proxies . . . . . . . . . . . . . . . . . . . . . . . . . 26 3.4. Proxies . . . . . . . . . . . . . . . . . . . . . . . . . 26
4. Privacy Considerations . . . . . . . . . . . . . . . . . . . 26 4. Privacy Considerations . . . . . . . . . . . . . . . . . . . 27
5. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 27 5. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 27
6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 27 6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 27
7. Informative References . . . . . . . . . . . . . . . . . . . 27 7. Informative References . . . . . . . . . . . . . . . . . . . 27
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 28 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 28
1. Introduction 1. Introduction
Constrained devices [RFC7228] are nodes with limited processing Constrained devices [RFC7228] are nodes with limited processing
power, storage space and transmission capacities. These devices are power, storage space and transmission capacities. These devices are
often battery-powered and in many cases do not provide user often battery-powered and in many cases do not provide user
skipping to change at page 4, line 15 skipping to change at page 4, line 19
1.1. Terminology 1.1. Terminology
Readers are required to be familiar with the terms defined in Readers are required to be familiar with the terms defined in
[RFC7228]. [RFC7228].
2. Use Cases 2. Use Cases
This section includes the use cases; each use case first presents a This section includes the use cases; each use case first presents a
general description of the application environment, than one or more general description of the application environment, than one or more
specific use cases, and finally a summary of the authorization- specific use cases, and finally a summary of the authorization-
related problems to be solved. related problems to be solved. The document aims at listing the
relevant authorization problems and not to provide an exhaustive
list. It might not be possible to address all of the listed problems
with a single solution; There might be conflicting goals within or
among some requirements.
There are various reasons for assigning a function (client or server) There are various reasons for assigning a function (client or server)
to a device, e.g. which device initiates the conversation, how do to a device, e.g. which device initiates the conversation, how do
devices find each other, etc. The definition of the function of a devices find each other, etc. The definition of the function of a
device in a certain use case is not in scope of this document. device in a certain use case is not in scope of this document.
Readers should be aware that there might be reasons for each setting Readers should be aware that there might be reasons for each setting
and that endpoints might even have different functions at different and that endpoints might even have different functions at different
times. times.
2.1. Container monitoring 2.1. Container monitoring
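Review bot: the sentences added to Section 2 read awkwardly: "aims at listing ... and not to provide" mixes two constructions, and "There" is capitalised after a semicolon. Suggest "The document aims to list the relevant authorization problems, not to provide an exhaustive list. It might not be possible to address all of the listed problems with a single solution; there might be conflicting goals within or among some requirements." While this paragraph is being touched, "than one or more specific use cases" in the unchanged context should read "then one or more specific use cases".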
skipping to change at page 10, line 34 skipping to change at page 10, line 34
(pchalliance.org). (pchalliance.org).
2.3.1. John and the heart rate monitor 2.3.1. John and the heart rate monitor
John has a heart condition, that can result in sudden cardiac John has a heart condition, that can result in sudden cardiac
arrests. He therefore uses a device called HeartGuard that monitors arrests. He therefore uses a device called HeartGuard that monitors
his heart rate and his location (U3.7). In case of a cardiac arrest his heart rate and his location (U3.7). In case of a cardiac arrest
it automatically sends an alarm to an emergency service, transmitting it automatically sends an alarm to an emergency service, transmitting
John's current location (U3.1). Either the device has long range John's current location (U3.1). Either the device has long range
connectivity itself (e.g. via GSM) or it uses some intermediary, connectivity itself (e.g. via GSM) or it uses some intermediary,
nearby device (e.g. John's smartphone) to transmit such an alarm. nearby device (e.g. John's smartphone) to transmit such an alarm. To
To ensure Johns safety, the device is expected to be in constant ensure Johns safety, the device is expected to be in constant
operation (U3.3, U3.6). operation (U3.3, U3.6).
The device includes an authentication mechanism, in order to prevent The device includes an authentication mechanism, in order to prevent
other persons who get physical access to it from acting as the owner other persons who get physical access to it from acting as the owner
and altering the access control and security settings (U3.8). and altering the access control and security settings (U3.8).
John can configure additional persons that get notified in an John can configure additional persons that get notified in an
emergency, for example his daughter Jill. Furthermore the device emergency, for example his daughter Jill. Furthermore the device
stores data on John's heart rate, which can later be accessed by a stores data on John's heart rate, which can later be accessed by a
physician to assess the condition of John's heart (U3.2). physician to assess the condition of John's heart (U3.2).
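Review bot: this block only reflows the paragraph, and the typo it carries along survives in both columns: "To ensure Johns safety" should be "To ensure John's safety". The comma in "a heart condition, that can result in sudden cardiac arrests" is also misplaced; either drop it or change "that" to "which".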
skipping to change at page 13, line 12 skipping to change at page 13, line 15
light points react together, more or less synchronously (U4.8) and light points react together, more or less synchronously (U4.8) and
defining lighting scenes for particular areas of the building. The defining lighting scenes for particular areas of the building. The
commissioning is often done in phases, either by one or more commissioning is often done in phases, either by one or more
commissioners, on different floors. The building lighting network at commissioners, on different floors. The building lighting network at
this stage may be in different network islands with no connectivity this stage may be in different network islands with no connectivity
between them due to lack of the IT infrastructure. between them due to lack of the IT infrastructure.
After this, other building components like HVAC and security systems After this, other building components like HVAC and security systems
are similarly installed by electricians and later commissioned by are similarly installed by electricians and later commissioned by
their respective domain professionals. Similar configurations their respective domain professionals. Similar configurations
related to grouping (U4.8) are required to ensure for e.g. HVAC related to grouping (U4.8) are required to ensure for e.g. HVAC
equipment are controlled by the closest temperature sensor. equipment are controlled by the closest temperature sensor.
For the building IT systems, the Ethernet wiring is initially laid For the building IT systems, the Ethernet wiring is initially laid
out in the building according to the IT plan. The IT network is out in the building according to the IT plan. The IT network is
commissioned often after the construction is completed to avoid any commissioned often after the construction is completed to avoid any
damage to sensitive networking and computing equipment. The damage to sensitive networking and computing equipment. The
commissioning is performed by an IT engineer with additional switches commissioning is performed by an IT engineer with additional switches
(wired and/or wireless), IP routers and computing devices. Direct (wired and/or wireless), IP routers and computing devices. Direct
Internet connectivity for all installed/commissioned devices in the Internet connectivity for all installed/commissioned devices in the
building is only available at this point. The BLMS that monitors and building is only available at this point. The BLMS that monitors and
skipping to change at page 14, line 35 skipping to change at page 14, line 38
Company C gets the necessary authorization from the facility Company C gets the necessary authorization from the facility
management company to interact with the BLMS. The commissioner's management company to interact with the BLMS. The commissioner's
tool gets the necessary authorization from BLMS to send a tool gets the necessary authorization from BLMS to send a
configuration change to all lighting devices in Company A's offices configuration change to all lighting devices in Company A's offices
to increase their delay before they switch off. to increase their delay before they switch off.
At some point the facility management company wants to update the At some point the facility management company wants to update the
firmware of lighting devices in order to eliminate software bugs. firmware of lighting devices in order to eliminate software bugs.
Before accepting the new firmware, each device checks the Before accepting the new firmware, each device checks the
authorization of the facility management company to perform this authorization of the facility management company to perform this
update. update (U4.13).
A network diagnostic tool of the BLMS detects that a luminaire in one A network diagnostic tool of the BLMS detects that a luminaire in one
of the Company A's office room is no longer connected to the network. of the Company A's office room is no longer connected to the network.
The BLMS alerts the facility manager to replace the luminaire. The The BLMS alerts the facility manager to replace the luminaire. The
facility manager replaces the old broken luminaire and informs the facility manager replaces the old broken luminaire and informs the
BLMS of the identity (for e.g. MAC address) of the newly added BLMS of the identity (for e.g. MAC address) of the newly added
device. The BLMS then authorizes the new device onto the system and device. The BLMS then authorizes the new device onto the system and
transfers seamlessly all the permissions of the previous broken transfers seamlessly all the permissions of the previous broken
device to the replacement device (U4.12). device to the replacement device (U4.12).
2.4.1.4. Recommissioning 2.4.1.4. Recommissioning
A vacant area of the building has been recently leased to company A. A vacant area of the building has been recently leased to company A.
Before moving into its new office, Company A wishes to replace the Before moving into its new office, Company A wishes to replace the
lighting with a more energy efficient and a better light quality lighting with a more energy efficient and a better light quality
luminaries. They hire an installation and commissioning company C to luminaries. They hire an installation and commissioning company C to
redo the illumination. Company C is instructed to integrate the new redo the illumination. Company C is instructed to integrate the new
lighting devices, which may be from multiple manufacturers, into the lighting devices, which may be from multiple manufacturers, into the
existing lighting infrastructure of the building which includes existing lighting infrastructure of the building which includes
presence sensors, switches, controllers etc (U4.1). presence sensors, switches, controllers etc (U4.1).
Company C gets the necessary authorization from the facility Company C gets the necessary authorization from the facility
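Review bot: in the luminaire-replacement paragraph, the new device is identified to the BLMS by "the identity (for e.g. MAC address)" and then receives "all the permissions of the previous broken device"; a MAC address identifies a device but does not authenticate it, so the text should state that the BLMS authenticates the replacement device (for example by verifying its credentials) before the permissions are transferred, which is what U4.12 relies on. Two smaller points: the new "(U4.13)" reference is right, but that requirement also asks for authentication of the update, so "checks the authorization of the facility management company to perform this update" could read "checks the authenticity of the update and the authorization of the facility management company to perform it"; and "for e.g." should simply be "e.g.".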
skipping to change at page 18, line 7 skipping to change at page 18, line 5
o U4.11 The building owner and the public safety authorities want to o U4.11 The building owner and the public safety authorities want to
be able to perform data origin authentication on messages sent and be able to perform data origin authentication on messages sent and
received by some of the systems in the building. received by some of the systems in the building.
o U4.12 The building owner should be allowed to replace an existing o U4.12 The building owner should be allowed to replace an existing
device with a new device providing the same functionality within device with a new device providing the same functionality within
their administrative domain. Access control from the replaced their administrative domain. Access control from the replaced
device should then apply to these new devices seamlessly. device should then apply to these new devices seamlessly.
o U4.13 When software on a device is updated, this update needs to
be authenticated and authorized.
2.5. Smart Metering 2.5. Smart Metering
Automated measuring of customer consumption is an established Automated measuring of customer consumption is an established
technology for electricity, water, and gas providers. Increasingly technology for electricity, water, and gas providers. Increasingly
these systems also feature networking capability to allow for remote these systems also feature networking capability to allow for remote
management. Such systems are in use for commercial, industrial and management. Such systems are in use for commercial, industrial and
residential customers and require a certain level of security, in residential customers and require a certain level of security, in
order to avoid economic loss to the providers, vulnerability of the order to avoid economic loss to the providers, vulnerability of the
distribution system, as well as disruption of services for the distribution system, as well as disruption of services for the
customers. customers.
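Review bot: the new requirement U4.13 says a software update "needs to be authenticated and authorized" without saying what is authenticated. The Section 3.3 bullet added in this same revision adds that the receiver of the update should be authenticated, so suggest spelling out both sides here, e.g. "the origin and integrity of the update need to be authenticated, the party performing the update needs to be authorized, and the device receiving the update needs to be authenticated". The firmware-update paragraph in Section 2.4.1 that now cites U4.13 only mentions authorization; the two passages should use the same terms.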
skipping to change at page 22, line 23 skipping to change at page 22, line 23
2.7. Industrial Control Systems 2.7. Industrial Control Systems
Industrial control systems (ICS) and especially supervisory control Industrial control systems (ICS) and especially supervisory control
and data acquisition systems (SCADA) use a multitude of sensors and and data acquisition systems (SCADA) use a multitude of sensors and
actuators in order to monitor and control industrial processes in the actuators in order to monitor and control industrial processes in the
physical world. Example processes include manufacturing, power physical world. Example processes include manufacturing, power
generation, and refining of raw materials. generation, and refining of raw materials.
Since the advent of the Stuxnet worm it has become obvious to the Since the advent of the Stuxnet worm it has become obvious to the
general public how vulnerable these kind of systems are, especially general public how vulnerable these kind of systems are, especially
when connected to the Internet. The severity of these when connected to the Internet [Karnouskos11]. The severity of these
vulnerabilities are exacerbated by the fact that many ICS are used to vulnerabilities are exacerbated by the fact that many ICS are used to
control critical public infrastructure, such as nuclear power, water control critical public infrastructure, such as nuclear power, water
treatment of traffic control. Nevertheless the economical advantages treatment of traffic control. Nevertheless the economical advantages
of connecting such systems to the Internet can be significant if of connecting such systems to the Internet can be significant if
appropriate security measures are put in place (U7.5). appropriate security measures are put in place (U7.5).
2.7.1. Oil Platform Control 2.7.1. Oil Platform Control
An oil platform uses an industrial control system to monitor data and An oil platform uses an industrial control system to monitor data and
control equipment. The purpose of this system is to gather and control equipment. The purpose of this system is to gather and
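Review bot: the [Karnouskos11] citation fits, but the paragraph it is added to carries several errors in both columns that should be fixed in the same pass: "these kind of systems" should be "these kinds of systems"; "The severity of these vulnerabilities are exacerbated" should be "is exacerbated"; "water treatment of traffic control" should be "water treatment or traffic control"; and "economical advantages" should be "economic advantages".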
skipping to change at page 24, line 18 skipping to change at page 24, line 18
3.1. Attacks 3.1. Attacks
This document lists security problems that users of constrained This document lists security problems that users of constrained
devices want to solve. Further analysis of attack scenarios is not devices want to solve. Further analysis of attack scenarios is not
in scope of the document. However, there are attacks that must be in scope of the document. However, there are attacks that must be
considered by solution developers. considered by solution developers.
Because of the expected large number of devices and their ubiquity, Because of the expected large number of devices and their ubiquity,
constrained devices increase the danger from Pervasive Monitoring constrained devices increase the danger from Pervasive Monitoring
[RFC7258] attacks. [RFC7258] attacks. Solution Designers should consider this in the
design of their security solution and provide for protection against
this type of attack. In particular, messages containing sensitive
data that are send over unprotected channels should be encrypted if
possible.
Attacks aim at altering data in transit (e.g. to perpetrate fraud) Attacks aimed at altering data in transit (e.g. to perpetrate fraud)
are a problem that is addressed in many web security protocols such are a problem that is addressed in many web security protocols such
as TLS or IPSec. as TLS or IPSec. Developers need to consider this type of attacks,
Developers need to consider this type of attacks, and make sure that and make sure that the protection measures they implement are adapted
the protection measures they implement are adapted to the constrained to the constrained environment.
environment.
As some of the use cases indicate, constrained devices may be As some of the use cases indicate, constrained devices may be
installed in hostile environments where they are physically installed in hostile environments where they are physically
accessible (see Section 2.5). Protection from physical attacks is accessible (see Section 2.5). Protection from physical attacks is
not in the scope of this document, but should be kept in mind by not in the scope of this document, but should be kept in mind by
developers of authorization solutions. developers of authorization solutions.
Denial of service (DoS) attacks threaten the availability of services Denial of service (DoS) attacks threaten the availability of services
a device provides and constrained devices are especially vulnerable a device provides and constrained devices are especially vulnerable
to these types of attacks because of their limitations. Attackers to these types of attacks because of their limitations. Attackers
can illicit a temporary or, if the battery is drained, permanent can illicit a temporary or, if the battery is drained, permanent
failure in a service simply by repeatedly flooding the device with failure in a service simply by repeatedly flooding the device with
connection attempts; for some services (see section Section 2.3), connection attempts; for some services (see section Section 2.3),
availability is especially important. availability is especially important. Solution designers must be
Solution designers must be particularly careful to consider the particularly careful to consider the following limitations in every
following limitations in every part of the authorization solution: part of the authorization solution:
o Battery usage o Battery usage
o Number of required message exchanges o Number of required message exchanges
o Size of data that is transmitted (e.g. authentication and access o Size of data that is transmitted (e.g. authentication and access
control data) control data)
o Size of code required to run the protocols o Size of code required to run the protocols
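Review bot: in the new Pervasive Monitoring text, "data that are send" should be "sent", and "Solution Designers" is capitalised while the same term appears as "Solution designers" later in this block. More importantly, "should be encrypted if possible" leaves the requirement open-ended; state the condition (for instance, unless the device limitations listed at the end of this section make it infeasible) so that implementers do not read it as optional. Further down, "Attacks aimed at" is a good fix, but "this type of attacks" should be "this type of attack", "Attackers can illicit" should be "elicit", and "see section Section 2.3" repeats the word.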
skipping to change at page 26, line 28 skipping to change at page 26, line 31
o Secure default settings are needed for the initial state of the o Secure default settings are needed for the initial state of the
authentication and authorization protocols (all use cases). authentication and authorization protocols (all use cases).
Rationale: Many attacks exploit insecure default settings, and Rationale: Many attacks exploit insecure default settings, and
experience shows that default settings are frequently left experience shows that default settings are frequently left
unchanged by the end users. unchanged by the end users.
o Access to resources on other devices should only be permitted if a o Access to resources on other devices should only be permitted if a
rule exists that explicitly allows this access (default deny) (see rule exists that explicitly allows this access (default deny) (see
e.g. Section 2.4). e.g. Section 2.4).
o Usability is important for all use cases. The configuration of o Usability is important for all use cases. The configuration of
authorization policies as well as the gaining access to devices authorization policies as well as the gaining access to devices
must be simple for the users of the devices. Special care needs must be simple for the users of the devices. Special care needs
to be taken for scenarios where access control policies have to be to be taken for scenarios where access control policies have to be
configured by users that are typically not trained in security configured by users that are typically not trained in security
(see Section 2.2, Section 2.3, Section 2.6). (see Section 2.2, Section 2.3, Section 2.6).
o Software updates are an important operation for which correct
authorization is crucial. Additionally authenticating the
receiver of a software update is also important, for example to
make sure that the update has been received by the intended
device.
3.4. Proxies 3.4. Proxies
In some cases, the traffic between endpoints might go through In some cases, the traffic between endpoints might go through
intermediary nodes (e.g. proxies, gateways). This might affect the intermediary nodes (e.g. proxies, gateways). This might affect the
function or the security model of authentication and access control function or the security model of authentication and access control
protocols e.g. end-to-end security between endpoints with DTLS might protocols e.g. end-to-end security between endpoints with DTLS might
not be possible (see Section 2.5). not be possible (see Section 2.5).
4. Privacy Considerations 4. Privacy Considerations
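Review bot: the new bullet in Section 3.3 reads "Additionally authenticating ... is also important", which doubles the connector; suggest "Authenticating the receiver of a software update is also important, for example to make sure ...". The bullet also covers only authorization and receiver authentication, while the firmware-update paragraph in Section 2.4.1 has each device check an update before accepting it; the device's side (authenticating the origin and integrity of the update it receives) belongs here too, so that the bullet matches U4.13.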
skipping to change at page 27, line 47 skipping to change at page 28, line 7
7. Informative References 7. Informative References
[Jedermann14] [Jedermann14]
Jedermann, R., Poetsch, T., and C. LLoyd, "Communication Jedermann, R., Poetsch, T., and C. LLoyd, "Communication
techniques and challenges for wireless food quality techniques and challenges for wireless food quality
monitoring", Philosophical Transactions of the Royal monitoring", Philosophical Transactions of the Royal
Society A Mathematical, Physical and Engineering Sciences, Society A Mathematical, Physical and Engineering Sciences,
May 2014. May 2014.
[Karnouskos11]
Karnouskos, S., "Stuxnet Worm Impact on Industrial Cyber-
Physical System Security", IECON 2011 - 37th Annual
Conference on IEEE Industrial Electronics Society, pp.
4490-4494 , November 2011.
[RFC7228] Bormann, C., Ersue, M., and A. Keranen, "Terminology for [RFC7228] Bormann, C., Ersue, M., and A. Keranen, "Terminology for
Constrained-Node Networks", RFC 7228, DOI 10.17487/ Constrained-Node Networks", RFC 7228, DOI 10.17487/
RFC7228, May 2014, RFC7228, May 2014,
<http://www.rfc-editor.org/info/rfc7228>. <http://www.rfc-editor.org/info/rfc7228>.
[RFC7252] Shelby, Z., Hartke, K., and C. Bormann, "The Constrained [RFC7252] Shelby, Z., Hartke, K., and C. Bormann, "The Constrained
Application Protocol (CoAP)", RFC 7252, DOI 10.17487/ Application Protocol (CoAP)", RFC 7252, DOI 10.17487/
RFC7252, June 2014, RFC7252, June 2014,
<http://www.rfc-editor.org/info/rfc7252>. <http://www.rfc-editor.org/info/rfc7252>.
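Review bot: the added [Karnouskos11] entry has a stray space in "pp. 4490-4494 ,"; remove it. In the neighbouring [Jedermann14] entry, "C. LLoyd" looks like a capitalisation slip for "C. Lloyd" and could be corrected in the same pass.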
 End of changes. 22 change blocks. 
26 lines changed or deleted 50 lines changed or added

This html diff was produced by rfcdiff 1.42. The latest version is available from http://tools.ietf.org/tools/rfcdiff/