Hi, I've been reading the mosquitto documentation about security and I'm a bit confused about what would be the best setup for supporting a huge number of clients trying to keep the system as simple as possible.
To be more specific imagine an scenario with a broker exposed to the internet which is being accessed by third party products/code (i.e: devices sending temperature data). Let's say that users of this system could have lots of devices and wanted to connect them to the broker. In a perfect (and secure) world all that clients should have different credentials but in reality this could be tricky because all devices should be configured one by one and all credentials remembered/stored. If I'm not wrong the documentation states that it is recommended to use different certificates for server, CA and clients so I suppose it is also problematic using only one user/password in all people's devices or the same PSK, right? In order to balance security and simplicity I'm wondering if the best solution is to expose a broker to the internet and bridge it to a "private" broker but I'm still confused about what kind of security should be implemented in the "external broker". Any advice on this? Thanks in advance, Alfonso
-- Mailing list: https://launchpad.net/~mosquitto-users Post to : mosquitto-users@lists.launchpad.net Unsubscribe : https://launchpad.net/~mosquitto-users More help : https://help.launchpad.net/ListHelp
