Questions on MQTT Security features
Sasikumar Natarajan
What are the information(Ex: device ID, MAC etc…) will be sent to MQTT server in the background when we create a connection?
Can we block a device from connecting to a MQTT server?
Can we block a device from Subscribing to a topic?
Do we have any device registration on MQTT server. So that We can only allow known devices? If we have some registration mechanism, Can we do it dynamically using API?
Dave Locke
MQTT flows over a socket either in the clear or secure (via SSL/TLS)
If using a secure connection then SSL/ TLS provides a level of authtentication / trust. Generally the server has a cert enabling the device / client to trust the server. The device / client can also have a cert enabling mutual trust.
Once the socket is established then the MQTT connect packet is sent. Each MQTT client needs a unique ID. A MAC address is an example of an ID that can be used as the MQTT client ID. In addition other credentials (think password like) can be sent enabling the server to validate the client. Once the connect flow is acknowledge the client is deemed to trust the server and vice versa. At this point an MQTT session has been established and messages can start flowing in both directions.
Normal network / firewall infrastructure comes into play just as it does with HTTP e.g. firewalls...
All th
--
To learn more about MQTT please visit http://mqtt.org
---
You received this message because you are subscribed to the Google Groups
"MQTT" group.
To unsubscribe from this group and stop receiving emails from it, send
an email to mqtt+uns...@googlegroups.com.
To post to this group, send email to mq...@googlegroups.com.
Visit this group at http://groups.google.com/group/mqtt.
For more options, visit https://groups.google.com/d/optout.
Unless stated otherwise above:
IBM United Kingdom Limited - Registered in England and Wales with number
741598.
Registered office: PO Box 41, North Harbour, Portsmouth, Hampshire PO6
3AU