Encrypted multicast
anyc opened this issue · comments
Hello,
I have a network with multiple nodes and I have to send the same data or file to each of them, e.g., a firmware update. I am currently evaluating CoAP (+DTLS) for the "regular" data exchange, and I wonder how I could also transfer short data or files using multicast. I understand that DTLS and multicast are not possible together. Do you have an idea how (lib)CoAP could help here, or would I have to simply handle all the encryption/signatures myself in the CoAP payload?
Simply encrypting CoAP packets using a session PSK of our own (that is distributed, e.g., using regular CoAP+DTLS at startup) would already help here, I think. Would the CoAP message ID already suffice as replay protection in such a case? Is this something libcoap could do in the future, or do you think this would be out of scope or a bad idea in general?
Thank you!
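To make the replay-protection part of the question concrete, here is an added example (not code from this thread or from libcoap) of a group-keyed multicast record with a per-sender 64-bit sequence number and a sliding anti-replay window of the kind DTLS and OSCORE use, instead of relying on the 16-bit CoAP message ID. The group key, record layout and sender IDs are constructed for the example; the tag is HMAC-SHA256 for integrity only, so a real deployment would still need an AEAD for confidentiality.

```python
import hashlib
import hmac
import struct
from typing import Dict, Optional, Tuple

# Constructed group key; in the scheme described above it would be handed to
# each node over unicast CoAP+DTLS at startup.
GROUP_KEY = bytes.fromhex("000102030405060708090a0b0c0d0e0f")
TAG_LEN = 16      # truncated HMAC-SHA256 tag
WINDOW = 64       # how many out-of-order packets a receiver tolerates
HDR = struct.Struct("!BQ")  # sender_id (8 bit) || seq (64 bit)


def protect(sender_id: int, seq: int, payload: bytes) -> bytes:
    """Build a record: sender_id || seq || payload || tag.

    The 64-bit seq never wraps in practice; the 16-bit CoAP message ID
    wraps after 65536 messages and so cannot serve as replay protection.
    """
    header = HDR.pack(sender_id, seq)
    tag = hmac.new(GROUP_KEY, header + payload, hashlib.sha256).digest()[:TAG_LEN]
    return header + payload + tag


class ReplayWindow:
    """Per-sender sliding window: highest seq seen plus a bitmask of the
    WINDOW most recent seqs, so late packets are accepted once only."""

    def __init__(self) -> None:
        self.state: Dict[int, Tuple[int, int]] = {}

    def accept(self, sender_id: int, seq: int) -> bool:
        highest, mask = self.state.get(sender_id, (-1, 0))
        if seq > highest:                       # newest packet: slide window
            mask = ((mask << (seq - highest)) | 1) & ((1 << WINDOW) - 1)
            self.state[sender_id] = (seq, mask)
            return True
        offset = highest - seq
        if offset >= WINDOW or mask & (1 << offset):
            return False                        # too old, or already seen
        self.state[sender_id] = (highest, mask | (1 << offset))
        return True


def verify(record: bytes, window: ReplayWindow) -> Optional[bytes]:
    """Return the payload if the tag is valid and the seq is fresh, else None."""
    if len(record) < HDR.size + TAG_LEN:
        return None
    body, tag = record[:-TAG_LEN], record[-TAG_LEN:]
    expected = hmac.new(GROUP_KEY, body, hashlib.sha256).digest()[:TAG_LEN]
    if not hmac.compare_digest(tag, expected):
        return None                             # check MAC before touching state
    sender_id, seq = HDR.unpack_from(body)
    return body[HDR.size:] if window.accept(sender_id, seq) else None
```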
Interesting question, not sure that it has properly been solved.
Part of the challenge here is that if the data / file information does not fit into a single packet, then, following the current CoAP RFCs, the second and subsequent packets needed to transfer the remainder of the data have to be done using Unicast.
It may be that you need to consider using Group OSCORE to do the encryption rather than DTLS. This is not currently supported by libcoap (no plans); see I-D.ietf-core-oscore-groupcomm, possibly using a mechanism as described in I-D.ietf-core-observe-multicast-notification.