Uploaded image for project: 'OASIS Message Queuing Telemetry Transport (MQTT) TC'
  1. OASIS Message Queuing Telemetry Transport (MQTT) TC
  2. MQTT-425

Delete references to DES and discuss CHACHA20

    XMLWordPrintable

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: 5
    • Fix Version/s: 5, wd13
    • Component/s: edits
    • Labels:
      None
    • Proposal:
      Hide

      Review the section for anything which is not longer correct and update. Make sure references are updated.

      Show
      Review the section for anything which is not longer correct and update. Make sure references are updated.

      Description

      The security section 5 has a reference to AES and DES as cipher suites for mobile and embedded devices. The current recommendation for security is to totally disable all DES based ciphers including 3DES.

      The new cipher suite which is designed for use in less powerful devices is CHACHA20 which has equivalent encryption to AES but is faster to encrypt on processors without hardware support. The downside for now is that a lot of servers do not support it.

      I would actually like to remove section 5 as I think it is orthogonal to the MQTT specification, and highly prone to become outdated. However, if we decide to keep it we should keep it up to date at least at the time we release the specification.

        Attachments

          Activity

            People

            • Assignee:
              ken.borgendale Ken Borgendale (Inactive)
              Reporter:
              ken.borgendale Ken Borgendale (Inactive)
            • Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: