Re: [mosquitto-dev] Proposal: Enhancing Mosquitto with Symmetric Key Payload & Topic Encryption
Roger Light via mosquitto-dev <mosquitto-dev@xxxxxxxxxxx> writes:
> Having said all that, the best plan is to submit a PR and we can all
> take a look. I'm interested to see what you've come up with.
I of course defer to the maintainer, but from my experience in protocol
design and prototype implementation, I would amend that to have the
following steps before code.
- Write a protocol specification and publish it, with the intent that
  there can be other implementations based on the spec, but not
  necessarily debugging the spec enough to be 100% sure it's precise enough.

  As part of the spec, in the architecture section, explain what
  problem you're solving, alternative approaches. Explain how it will
  be used in practice.

  In particular, if this is about e2e, explain why the broker needs
  support at all.

  You said encryption/confidentiality, but you didn't mention
  integrity and replay protection. Either address that or in the
  architecture section argue that substantially all users will have
  the same confidentiality-only concerns, even after review by
  experts.

  If you're not reusing something (GSSAPI/krb5, DTLS) and carrying
  wrapped data, explain why that's bad and why it's really necessary
  to roll your own protocol.

  Explain key management. That includes revocation and supersession.
  You only have to do this as well as pkix/tls.

  Explain how users will deal with key management.
- Write a high-level design that explains the big picture of how you
will change the mosquitto code. Perhaps as a PR to add design
docs, not to be merged until an implementation.
- Explain the path to adding this to the paho-mqtt python module. I
would say that absent two distinct open-source implementations, it's
really hard to believe that the spec is adequate.
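An added illustration of the integrity and replay point raised above; this is example code written for this archive page, not code from the thread, the proposal, or the Mosquitto project. It uses only the Python standard library: the keystream is a constructed HMAC-in-counter-mode stand-in for a real stream cipher (not a cipher to reuse), and the root key, topic name and wire format are assumptions made for the demo. It shows that a confidentiality-only payload encryption returns an altered plaintext without any error, while an encrypt-then-MAC construction with a sequence number and the topic bound into the tag rejects tampering, replay, and re-publication under a different topic.

```python
import hashlib
import hmac
import struct

# Constructed demo key and topic. A real design would specify how keys are
# provisioned, rotated and revoked (the "key management" section asked for above).
ROOT_KEY = b"\x42" * 32
TOPIC = "sensors/valve/1"


def _subkey(root: bytes, label: bytes) -> bytes:
    """Derive independent encryption and authentication keys from the root key
    (assumed HMAC-based split; a real spec would name its KDF)."""
    return hmac.new(root, label, hashlib.sha256).digest()


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Toy counter-mode keystream built from HMAC-SHA256 so the example runs on
    the standard library alone. It stands in for a real CTR/stream cipher only
    to show malleability; it is not a cipher to deploy."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + struct.pack(">I", counter), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def xor_encrypt(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Confidentiality only: XOR data with the keystream. Decryption is the same call."""
    return bytes(a ^ b for a, b in zip(data, _keystream(key, nonce, len(data))))


def tamper_undetected() -> bytes:
    """Encrypt-only scheme: a ciphertext with one corrupted bit (from a fault or
    an adversary) still decrypts cleanly, so the subscriber cannot tell."""
    enc_key = _subkey(ROOT_KEY, b"enc")
    nonce = struct.pack(">Q", 1)
    ct = bytearray(xor_encrypt(enc_key, nonce, b"level=0"))
    ct[-1] ^= 0x01
    return xor_encrypt(enc_key, nonce, bytes(ct))  # b"level=1", no error raised


def seal(root: bytes, seq: int, topic: str, payload: bytes) -> bytes:
    """Encrypt-then-MAC. The sequence number is the nonce and the topic is bound
    into the tag. Assumed wire format: seq(8) || ciphertext || tag(16)."""
    nonce = struct.pack(">Q", seq)
    ct = xor_encrypt(_subkey(root, b"enc"), nonce, payload)
    tag = hmac.new(_subkey(root, b"mac"), topic.encode() + nonce + ct, hashlib.sha256).digest()[:16]
    return nonce + ct + tag


class Subscriber:
    """Receiver state: the highest sequence number accepted, used to reject replays."""

    def __init__(self, root: bytes):
        self.enc_key = _subkey(root, b"enc")
        self.mac_key = _subkey(root, b"mac")
        self.last_seq = -1

    def open(self, topic: str, msg: bytes):
        """Return (plaintext, status); plaintext is None unless status is 'ok'."""
        if len(msg) < 24:
            return None, "malformed"
        nonce, ct, tag = msg[:8], msg[8:-16], msg[-16:]
        expected = hmac.new(self.mac_key, topic.encode() + nonce + ct, hashlib.sha256).digest()[:16]
        if not hmac.compare_digest(tag, expected):  # integrity check before anything else
            return None, "bad tag"
        seq = struct.unpack(">Q", nonce)[0]
        if seq <= self.last_seq:  # strict monotonic counter; no reordering window
            return None, "replay"
        self.last_seq = seq
        return xor_encrypt(self.enc_key, nonce, ct), "ok"


def demo() -> dict:
    """Exercise the cases a spec would have to address: good message, tampered
    ciphertext, replayed message, message re-published under another topic."""
    sub = Subscriber(ROOT_KEY)
    msg1 = seal(ROOT_KEY, 1, TOPIC, b"level=0")
    first = sub.open(TOPIC, msg1)
    tampered = bytearray(msg1)
    tampered[-17] ^= 0x01  # last ciphertext byte, same corruption as above
    tamper = sub.open(TOPIC, bytes(tampered))
    replay = sub.open(TOPIC, msg1)
    wrong_topic = sub.open("sensors/valve/2", seal(ROOT_KEY, 2, TOPIC, b"level=0"))
    return {"first": first, "tamper": tamper, "replay": replay,
            "wrong_topic": wrong_topic, "encrypt_only": tamper_undetected()}


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The strict "seq must exceed the last accepted value" rule is the simplest replay policy; QoS 1 redeliveries and out-of-order delivery across reconnects would need a sliding window, which is exactly the kind of decision a published spec should state rather than leave to each implementation.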