IoT SIG - 2019-12-18


  1. flow

    COM8 congrats :)

  2. flow

    debacle, can you use TLS client certs without signing and encrypting the stream? If not, how is using OpenPGP heavier than TLS (client certs)?

  3. flow

    It really depends on your use case. I could be wrong, but assuming that using a TLS client cert requires the stream to get signed and encrypted, OpenPGP would at least provide you with the flexibility to sign only specific parts

  4. flow

    But on the other hand, if you do IoT with XMPP you most certainly want to use TLS, so using a TLS client cert only adds a little bit more to the TLS handshake but next to nothing after that

  5. flow

    But if your IoT device needs to connect with different XMPP services, then using a (single) TLS client cert does not sound like the right approach

  6. debacle

    flow, the connection is TLS anyway, i.e. PGP would come on top and would therefore be heavier.

  7. debacle

    Btw, if I wanted to use PGP, it would make sense to sign only the payload, not the stanza, so that I can pass that payload even outside of the XMPP world, while the signature still could be validated.

  8. flow

    ok, but if you don't PGP everything, and already do TLS, then I'd argue the PGP overhead is probably not an issue

  9. flow

    debacle, ^

  10. flow

    of course, it really depends on the used hardware, software stack and what you actually want to do

  11. debacle

    our hardware is very ancient, but probably PGP still runs fine

  12. debacle

    and we have only to sign one file per second

  13. debacle

    not hundreds

  14. flow

    depends on the size of that one file ;)