Re: [mosquitto-dev] Proposal: Enhancing Mosquitto with Symmetric Key Payload & Topic Encryption

Hi Tim,

Sorry for having missed these emails earlier.

On the project practical side, as Frédéric suggests there are some
requirements around making submissions. What he didn't mention is that
if the contribution results in >1000 lines of changed code, then it
has to go through an IP approval with Eclipse, but that's for me to
worry about, not you.

Now on the idea itself, it certainly sounds interesting. End to end
encryption is a good feature in general, and would definitely be
useful in some situations. It does somewhat go against the MQTT
philosophy of decoupling publisher and subscriber, but that doesn't
apply to everybody.

My concerns are similar to Greg's - interoperability with other
systems, or at least a spec so others could do that, the
maintainability of it, and whether you have rolled your own crypto.
Also how invasive it is - from what you've described it feels like it
could work quite happily as a plugin, which would be an ideal
scenario.

Having said all that, the best plan is to submit a PR and we can all
take a look. I'm interested to see what you've come up with.

Regards,

Roger

On Tue, 10 Jun 2025 at 13:19, Tim Dhillon via mosquitto-dev
<mosquitto-dev@xxxxxxxxxxx> wrote:
>
> I work for a startup called Blue mesh Solutions.
>
> I’ve developed a new library that provides symmetric key encryption (with a default minimum of 1024 bits). I've successfully integrated this library directly into the Mosquitto source code, creating a modified Mosquitto broker and accompanying library.
>
> This enhancement offers the following key capabilities:
>
> - End-to-End Payload Encryption: Message payloads are encrypted end-to-end, ensuring confidentiality between the publishing client and the subscribing client.
> - Topic Encryption: In addition to payload encryption, the MQTT topic itself is also encrypted.
> - Flexible Security Layers: This encryption can be used in two primary ways:
>   - Double-Wrapped Security: It can be layered on top of existing TLS connections, providing an additional robust layer of encryption.
>   - Resource-Constrained Devices: Alternatively, for devices where TLS overhead is prohibitive, this library offers a viable encryption solution without requiring full TLS implementation.
>
> I believe this feature would be a valuable addition to the Mosquitto core source. It addresses critical security needs, particularly for sensitive data and in environments with limited resources.
>
> Would there be interest in incorporating this enhancement into the official Mosquitto source? If so, what would be the process for proposing this, and who typically makes the final decision on such contributions?
>
> Thanks
>
> Tim