IoT SIG - 2019-12-18

  1. debacle has left

  2. Alacer has left

  3. Alacer has joined

  4. Tobi has joined

  5. Alacer has left

  6. Alacer has joined

  7. debacle has joined

  8. flow

    COM8 congrats :)

  9. flow

    debacle, can you use TLS client certs without signing and encrypting the stream? If not, how is using OpenPGP heavier than TLS (client certs)?

  10. flow

    It really depends on your use case. I could be wrong, but assuming that using a TLS client cert requires the stream to get signed and encrypted, OpenPGP would at least provide you with the flexibility to sign only specific parts

  11. flow

    But on the other hand, if you do IoT with XMPP you most certainly want to use TLS, so using a TLS client cert only adds a little bit more to the TLS handshake but next to nothing after that

  12. flow

    But if your IoT device needs to connect with different XMPP services, then using a (single) TLS client cert does not sound like the right approach

  13. Alacer has left

  14. Alacer has joined

  15. debacle has left

  16. debacle has joined

  17. debacle

    flow, the connection is TLS anyway, i.e. PGP would come on top and would therefore be heavier.

  18. debacle

    Btw, if I wanted to use PGP, it would make sense to sign only the payload, not the stanza, so that I can pass that payload even outside of the XMPP world, while the signature still could be validated.

  19. Alacer has left

  20. Alacer has joined

  21. COM8 has joined

  22. COM8 has left

  23. Syndace has left

  24. Syndace has joined

  25. flow

    ok, but if you don't PGP everything, and already do TLS, then I'd argue the PGP overhead is probably not an issue

  26. flow

    debacle, ^

  27. flow

    of course, it really depends on the used hardware, software stack and what you actually want to do

  28. debacle

    our hardware is very ancient, but probably PGP still runs fine

  29. debacle

    and we have only to sign one file per second

  30. debacle

    not hundreds

  31. debacle has left

  32. Alacer has left

  33. Alacer has joined

  34. flow

    depends on the size of that one file ;)

  35. debacle has joined

  36. debacle has left

  37. Tobi has left

  38. debacle has joined

  39. debacle has left