|
|
|
|
|
|
by Animats
3965 days ago
|
|
|
The protocol almost totally ignores security. They try to pass the buck downwards: "As a transport protocol, MQTT is concerned only with message transmission and it is the implementer’s responsibility to provide appropriate security features. This is commonly achieved by using TLS." and upwards: "The Server MAY also use a security component to selectively authorize actions on the topic resource for a given Client." This is a very weak security model. There's nothing like a distinction between "report body temperature" and "update pacemaker firmware". |
|
|