Skip to content

Commit c9dc24e

Browse files
author
ietf-corpus-bot
committed
auto-ingest: ietf-elements backfill — 252 new elements (2026-07-06)
1 parent 6cca9e7 commit c9dc24e

252 files changed

Lines changed: 2262 additions & 0 deletions

File tree

Some content is hidden

Large Commits have some content hidden by default. Use the searchbox below for content that may be hidden.
Lines changed: 8 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,8 @@
1+
document: rfc-8782
2+
kind: design-rationale
3+
summary: Mitigation status notifications from DOTS servers are forced to Non-confirmable (overriding RFC 7641's recommendation to send Confirmable at least every 24 hours) because the signal channel uses a heartbeat to detect liveness, and Confirmable messages impose excessive overhead during active DDoS attacks.
4+
section: 4.4.2.1
5+
topics:
6+
- security
7+
extracted_by: claude-sonnet-4-6
8+
extracted_at: "2026-07-06"
Lines changed: 8 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,8 @@
1+
document: rfc-8782
2+
kind: design-rationale
3+
summary: Port 4646 was chosen instead of CoAP's default 5684 to avoid service/resource discovery defined in RFC 7252 and to enable differentiated behaviors in environments where a DOTS gateway and an IoT gateway are co-located. The default port also simplifies deployment in LAN scenarios where the default router is the DOTS server.
4+
section: "3"
5+
topics:
6+
- security
7+
extracted_by: claude-sonnet-4-6
8+
extracted_at: "2026-07-06"
Lines changed: 11 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,11 @@
1+
document: rfc-8782
2+
kind: design-rationale
3+
summary: The Happy Eyeballs preference order—UDP/IPv6 first, then UDP/IPv4, TCP/IPv6, TCP/IPv4—promotes UDP to avoid TCP's head-of-line blocking, which is critical during DDoS attacks when rapid signaling is essential.
4+
section: "4.3"
5+
topics:
6+
- security
7+
- udp
8+
- tcp
9+
- ip
10+
extracted_by: claude-sonnet-4-6
11+
extracted_at: "2026-07-06"
Lines changed: 10 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,10 @@
1+
document: rfc-8782
2+
kind: interoperability-note
3+
summary: CoAP over reliable transports (TLS/TCP) does not support Confirmable or Non-confirmable message types per RFC 8323, so transmission-related parameters ('missing-hb-allowed', signal loss ratio) are negotiated only for DOTS over UDP/DTLS.
4+
section: "4.5"
5+
topics:
6+
- security
7+
- tcp
8+
- tls
9+
extracted_by: claude-sonnet-4-6
10+
extracted_at: "2026-07-06"
Lines changed: 10 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,10 @@
1+
document: rfc-8782
2+
kind: interoperability-note
3+
summary: When DOTS is deployed behind NAT (Traditional NAT, CGN, NAT64, NPTv6), internal addresses MUST be replaced with external addresses in DOTS messages. PCP or STUN may be used to discover external addresses; a co-located DOTS gateway may update messages using the translator's binding table.
4+
section: "3"
5+
topics:
6+
- nat
7+
- security
8+
- ip
9+
extracted_by: claude-sonnet-4-6
10+
extracted_at: "2026-07-06"
Lines changed: 10 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,10 @@
1+
document: rfc-8782
2+
kind: normative-requirement
3+
summary: Absent a mutual agreement on port, the DOTS signal channel MUST run over port number 4646 for both UDP and TCP. To use a different port, DOTS clients and servers SHOULD support a configurable parameter.
4+
section: "3"
5+
rfc2119_level: MUST
6+
topics:
7+
- security
8+
- dns
9+
extracted_by: claude-sonnet-4-6
10+
extracted_at: "2026-07-06"
Lines changed: 11 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,11 @@
1+
document: rfc-8782
2+
kind: normative-requirement
3+
summary: Both DOTS signal and data channel sessions require mutual client authentication (Section 8). The DOTS server uses (D)TLS with mutual certificate validation or PSK to authenticate DOTS clients and authorize their mitigation scopes.
4+
section: "8"
5+
rfc2119_level: MUST
6+
topics:
7+
- security
8+
- tls
9+
- crypto
10+
extracted_by: claude-sonnet-4-6
11+
extracted_at: "2026-07-06"
Lines changed: 9 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,9 @@
1+
document: rfc-8782
2+
kind: normative-requirement
3+
summary: '''cuid'' MUST be generated by DOTS clients and MUST NOT be changed while mitigations are active. DOTS servers MUST return 4.09 (Conflict) when a ''cuid'' is already in use by another DOTS client.'
4+
section: 4.4.1
5+
rfc2119_level: MUST
6+
topics:
7+
- security
8+
extracted_by: claude-sonnet-4-6
9+
extracted_at: "2026-07-06"
Lines changed: 11 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,11 @@
1+
document: rfc-8782
2+
kind: normative-requirement
3+
summary: DOTS agents MUST NOT send more than one UDP datagram per RTT to a peer on average. If an RTT estimate cannot be maintained, a DOTS client MUST NOT send more than one Non-confirmable request every 3 seconds.
4+
section: "4.4"
5+
rfc2119_level: MUST NOT
6+
topics:
7+
- security
8+
- congestion
9+
- udp
10+
extracted_by: claude-sonnet-4-6
11+
extracted_at: "2026-07-06"
Lines changed: 9 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,9 @@
1+
document: rfc-8782
2+
kind: normative-requirement
3+
summary: DOTS agents MUST support GET, PUT, and DELETE CoAP methods. Payloads in 2.xx responses MUST use content type 'application/dots+cbor'. Responses with 4.xx and 5.xx codes MUST include a diagnostic payload.
4+
section: "3"
5+
rfc2119_level: MUST
6+
topics:
7+
- security
8+
extracted_by: claude-sonnet-4-6
9+
extracted_at: "2026-07-06"

0 commit comments

Comments
 (0)