EST-CoAP is a combination of two existing protocols, EST (Enrollment over Secure Transport RFC 7030) and CoAP (Constrained Application Protocol RFC 7252). EST-CoAP is designed to work with the EST base module and provide EST certification using the CoAP protocol instead of HTTP.
Standard EST uses HTTPS as a transport protocol, but this does not sit well with the Internet of Things (IoT) since EST messages are relatively large, making it difficult to move them around constrained networks. EST-CoAP was created to address this issue where HTTPS is replaced by CoAP as the transport protocol. As a result, networks such as Wireless which use CoAP can implement EST with fragmentation being performed at the Application layer with EST messages. This then fits with the Constrained network model where UDP, DTLS, and CoAP are used instead of TCP, TLS, and HTTP, allowing the use of EST in a low resource environment.
The EST-CoAP module forms part of HCC's TCP/IP Security stack and is designed specifically for use with it.
The general features of the system are the following:
- Conforms to the HCC Advanced Embedded Framework.
- Complies with the HCC MISRA-compliant TCP/IP stack.
- Designed for integration with both RTOS and non-RTOS based systems.
The features implemented within CoAP are the following:
- Web protocol fulfilling M2M requirements in constrained environments.
- UDP [RFC 0768] binding with optional reliability supporting unicast and multicast requests.
- Asynchronous message exchanges.
- Low header overhead and parsing complexity.
- URI and Content-type support.
- Simple proxy and caching capabilities.
- Stateless HTTP mapping, allowing proxies to be built providing access to CoAP resources via HTTP in a uniform way, or for HTTP simple interfaces to be realized alternatively over CoAP.
- Security binding to Datagram Transport Layer Security 1.2 (DTLS) [RFC 6347].
An EST-CoAP server differs from an EST server as follows:
- Replacement of TLS by DTLS and HTTP by CoAP, resulting in:
- DTLS-secured CoAP sessions between an EST-coaps client and EST-coaps server.
- Only certificate-based client authentication is supported, which results in: