
Message provenance


Michael Combs

Jul 27, 2014, 2:40:07 PM
to mq...@googlegroups.com

Has anyone done any work regarding message provenance? I'd like to be able to validate the origin of the message either at the broker, or at subscribed clients. I'd prefer not to use any public/private key encryption for performance reasons. I'm trying to prevent message spoofing by bad clients, not necessarily man-in-the-middle attacks. We're allowing 3rd party vendors to participate in our MQTT/messaging system, so we can't necessarily control this behavior with broker authentication.

It would be relatively simple if an MQTT publish message included the publisher client ID in the header of a publish message. The broker could simply validate that the client ID in the message matched the client ID associated with the communication channel on which the message arrived. I am using my own broker code and upon receiving a publish message can parse the message payload and validate before passing the message on to subscribers. However, I'd prefer not to be bound to my own broker or require that my broker understand message content.

Thanks,
-Michael Combs


Vatsal Shah

Jul 28, 2014, 6:50:18 PM
to mq...@googlegroups.com
Hey Michael,

We implemented this with a content-based router (CBR) at the broker entrance.
We include a timestamp and a "daily shared token" in the message. Our client and the CBR both know this token. (You can define more variables like content type, size, format, IP or clientID for filtering.)
If the daily shared token doesn't match (or there is a large timestamp variation), the message won't get passed to the broker. You can always connect the CBR to an authentication database, but it increases latency.

Hope that helps.
Vatsal Shah
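
A sketch of the router-side check discussed in the two posts above, added here as an example and not code from either poster: it binds the client ID claimed in the payload to the connection's client ID, then applies the daily token and timestamp filter. The JSON payload layout, the field names `client_id`, `ts` and `token`, the function name and the 300-second skew limit are all assumptions.

```python
import hmac
import json
import time

MAX_SKEW_SECONDS = 300  # assumed bound for a "large timestamp variation"


def check_publish(conn_client_id, payload, daily_token, now=None):
    """Decide whether one PUBLISH payload may pass to the broker.

    conn_client_id is the client ID bound to the connection at CONNECT time;
    payload is the untrusted message body. Returns (accepted, reason).
    """
    now = time.time() if now is None else now
    try:
        msg = json.loads(payload)
    except ValueError:  # also covers invalid UTF-8 in a bytes payload
        return False, "malformed"
    if not isinstance(msg, dict):
        return False, "malformed"
    client_id, ts, token = msg.get("client_id"), msg.get("ts"), msg.get("token")
    if not isinstance(client_id, str) or not isinstance(token, str):
        return False, "missing-field"
    if isinstance(ts, bool) or not isinstance(ts, (int, float)):
        return False, "missing-field"
    # Provenance: the claimed publisher must be the connection's own client ID.
    if client_id != conn_client_id:
        return False, "client-id-mismatch"
    # Constant-time comparison so response timing does not leak the token.
    given = token.encode("utf-8", "surrogatepass")
    if not hmac.compare_digest(given, daily_token.encode("utf-8")):
        return False, "bad-token"
    try:
        fresh = abs(now - float(ts)) <= MAX_SKEW_SECONDS  # False for NaN/inf
    except OverflowError:  # integer too large to be a timestamp
        fresh = False
    return (True, "ok") if fresh else (False, "stale-timestamp")


if __name__ == "__main__":
    # Constructed sample: vendor-b's connection claiming to be vendor-a.
    sample = json.dumps({"client_id": "vendor-a", "ts": time.time(),
                         "token": "constructed-token", "body": "21.5"}).encode()
    print(check_publish("vendor-a", sample, "constructed-token"))
    print(check_publish("vendor-b", sample, "constructed-token"))
```

The token check only shows that the sender holds the shared token; the client ID binding is what tells one token holder from another.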

Michael Combs

Jul 29, 2014, 12:40:00 PM
to mq...@googlegroups.com

Thanks for the suggestion.