CoAP over TCP
Californium currently has an experimental and incomplete implementation of CoAP (Constrained Application Protocol) over TCP, TLS, and WebSockets (RFC 8323).
The current implementation is built on a TCP connector based on Netty 4.x.
The idea of having a client TCP connector based on the JDK only was raised in the past, but nothing like this exists for now.
Here is an attempt to list the already implemented and the missing features.
A minimal viable feature should probably implement all mandatory features.
Feature | Mandatory | Implemented | Comments |
---|---|---|---|
Message Format | ✔️ | ✔️ | |
Capabilities and Settings Messages | ✔️ | ❌ | From 3.3. Message Transmission: Once a Transport Connection is established, each endpoint MUST send a CSM (see Section 5.3) as its first message on the connection. ... ... Endpoints MUST treat a missing or invalid CSM as a connection error and abort the connection (see Section 5.6). |
Keep Alive | ❓ | A minimal viable feature should at least ignore Keep Alive | |
Ping/Pong | ✔️ | ❌ | A minimal viable feature should at least answer to Ping with a Pong |
Ping/Pong : Custody Option | ❌ | ||
Release Messages | ❌ | ||
Release Messages : Alternative-Address Option | ❌ | ||
Release Messages : Hold-Off | ❌ | ||
Abort Messages | ✔️ | ❌ | |
Abort Messages : Bad-CSM-Option | ❌ | ||
Block-Wise Transfer | ✔️ | ||
Block-Wise Transfer : BERT Option | ✔️ | ||
Observing Resource | 🚧 | Partially implemented, missing: "If the client observes one or more resources over a reliable transport, then the CoAP server ... MUST remove all entries associated with the client endpoint from the lists of observers when the connection either times out or is closed." |
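The CSM and Ping/Pong rows above translate into a small per-connection check. The following is an added sketch in plain JDK Java, not Californium code and not using the Californium or Netty APIs; the class, field and method names are hypothetical, the sample frames are constructed, and it assumes the caller has already delimited one complete RFC 8323 frame and closes the connection once `aborted` is set.

```java
import java.nio.BufferUnderflowException;
import java.nio.ByteBuffer;
import java.util.Arrays;

/** Added sketch, not Californium code: RFC 8323 CSM-first check and Ping/Pong reply. */
public class SignalingSketch {
    static final int CSM = 0xE1, PING = 0xE2, PONG = 0xE3, ABORT = 0xE5; // 7.01, 7.02, 7.03, 7.05
    static final byte[] EMPTY_CSM = {0x00, (byte) CSM}; // Len=0, TKL=0: our own first message
    boolean csmSeen, aborted; // peer's CSM accepted / caller must close after sending the reply

    /** Takes one complete frame from the peer; returns a frame to send back, or null for none. */
    byte[] onFrame(byte[] frame) {
        int code;
        byte[] token;
        try {
            ByteBuffer in = ByteBuffer.wrap(frame);      // big-endian by default (network order)
            int first = in.get() & 0xFF, len = first >>> 4, tkl = first & 0x0F;
            // Len 13/14/15 selects an 8/16/32-bit extended length, offset by 13/269/65805.
            long body = len < 13 ? len
                    : len == 13 ? (in.get() & 0xFF) + 13L
                    : len == 14 ? (in.getShort() & 0xFFFF) + 269L
                    : (in.getInt() & 0xFFFFFFFFL) + 65805L;
            code = in.get() & 0xFF;
            if (tkl > 8) return abort();                 // TKL 9-15 is reserved
            token = new byte[tkl];
            in.get(token);
            if (in.remaining() != body) return abort();  // options + payload must match Len
        } catch (BufferUnderflowException truncated) {
            return abort();
        }
        if (!csmSeen) {                                  // first message on this connection
            if (code != CSM) return abort();             // missing CSM is a connection error
            csmSeen = true;
            return null;                                 // CSM options are not parsed in this sketch
        }
        if (code != PING) return null;                   // everything else goes to normal processing
        ByteBuffer pong = ByteBuffer.allocate(2 + token.length);
        return pong.put((byte) token.length).put((byte) PONG).put(token).array(); // echo the token
    }

    private byte[] abort() {
        aborted = true;
        return new byte[] {0x00, (byte) ABORT};          // empty Abort message
    }

    public static void main(String[] args) {
        byte[] ping = {0x02, (byte) PING, (byte) 0xCA, (byte) 0xFE}; // constructed: Ping, 2-byte token
        // A Ping arriving before any CSM aborts the connection.
        System.out.println(Arrays.toString(new SignalingSketch().onFrame(ping)));
        SignalingSketch conn = new SignalingSketch();
        conn.onFrame(EMPTY_CSM);                         // peer's CSM arrives first: accepted
        System.out.println(Arrays.toString(conn.onFrame(ping))); // Pong carrying the Ping's token
    }
}
```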

Feature | Mandatory | Implemented | Comments |
---|---|---|---|
PreSharedKey | ✔️ | ❓ | "PreSharedKey", "RawPublicKey", or "Certificate" is mandatory to implement for the TLS binding, depending on the credential type used with the device. A device compliant with the profile in this section MUST implement TLS_PSK_WITH_AES_128_CCM_8 and follow the guidance from this section. |
RawPublicKey | ✔️ | ❓ | "PreSharedKey", "RawPublicKey", or "Certificate" is mandatory to implement for the TLS binding, depending on the credential type used with the device. A device compliant with the profile in this section MUST implement TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 and follow the guidance from this section. |
Certificate | ✔️ | ❓ | "PreSharedKey", "RawPublicKey", or "Certificate" is mandatory to implement for the TLS binding, depending on the credential type used with the device. A device compliant with the profile in this section MUST implement TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 and follow the guidance from this section. |
A note about the mandatory CCM_8 cipher suites: there are discussions about whether they should be deprecated or not.
So a first minimal viable feature could start with the cipher suites supported by the JDK/Netty (see #1488-comment).
Nothing specific to WebSocket is currently implemented.
For comments and improvements, just create a New Issue here in this repository.