by SV_BubbleTime 1959 days ago
You lucky guys with IP stacks and TLS! I had to secure an IoT MQTT install where the packets themselves needed encryption which meant hamfisting in an encapsulated packet scheme (plain text header, end to end encrypted payloads). Kinda painful and I would not do that again!

It really seems like you could squeeze IP and thus (D)TLS in there instead, definitely something to eye up if ever you do have to do this again.

For TLS you can use pre-shared key mode so there's no extra gubbins like certificates, but you get all the same guarantees about whether what you're doing is actually safe as the big guys.

Entire chip has 512K of ROM, if I could have fit IP I would have considered it, but I was already really quite cramped for room! I’m sure there are some tight IP systems but I’m already mesh/proxy-ing stuff, it was easier to just encapsulate.

There are small IP stacks, I use this one and it’s been working well: http://savannah.nongnu.org/projects/lwip/

Might still be too big if your other code is large, of course, but I use it comfortably on a 512 kB device.

I've done NB-IoT in 32K of ROM... 512K is a luxury :)
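
Added example, not posted by anyone in this thread: a sketch of the kind of encapsulation the top comment describes (plaintext header, end-to-end encrypted payload), in which the header is bound to the payload as AEAD associated data and a per-sender counter rejects replays. The 8-byte header layout, the nonce construction, the choice of AES-128-GCM and the names `sealFrame` and `openFrame` are all assumptions; the commenter's actual format is not given.

```javascript
const nodeCrypto = require('node:crypto');

// Constructed frame layout (assumption, not the commenter's format):
//   header, plaintext: version(1) | msgType(1) | senderId(2, BE) | counter(4, BE)
//   body: AES-128-GCM ciphertext followed by a 16-byte tag
const HEADER_LEN = 8, TAG_LEN = 16, ALG = 'aes-128-gcm';

// 96-bit nonce = senderId | zero padding | counter. It is unique per key only
// if each sender never reuses a counter, so the counter must survive reboots.
function nonceFor(senderId, counter) {
  const n = Buffer.alloc(12);
  n.writeUInt16BE(senderId, 0);
  n.writeUInt32BE(counter, 8);
  return n;
}

function sealFrame(key, msgType, senderId, counter, payload) {
  const header = Buffer.alloc(HEADER_LEN);
  header.writeUInt8(1, 0);
  header.writeUInt8(msgType, 1);
  header.writeUInt16BE(senderId, 2);
  header.writeUInt32BE(counter, 4);
  const c = nodeCrypto.createCipheriv(ALG, key, nonceFor(senderId, counter), { authTagLength: TAG_LEN });
  c.setAAD(header); // proxies can still read the header, but the tag covers it
  const ct = Buffer.concat([c.update(payload), c.final()]);
  return Buffer.concat([header, ct, c.getAuthTag()]);
}

// lastSeen: Map of senderId -> highest counter accepted so far (receiver state).
// Returns the plaintext Buffer, or null if the frame must be dropped.
function openFrame(key, frame, lastSeen) {
  if (frame.length < HEADER_LEN + TAG_LEN || frame[0] !== 1) return null;
  const header = frame.subarray(0, HEADER_LEN);
  const senderId = header.readUInt16BE(2);
  const counter = header.readUInt32BE(4);
  if (lastSeen.has(senderId) && counter <= lastSeen.get(senderId)) return null; // replayed or stale
  const d = nodeCrypto.createDecipheriv(ALG, key, nonceFor(senderId, counter), { authTagLength: TAG_LEN });
  d.setAAD(header);
  d.setAuthTag(frame.subarray(frame.length - TAG_LEN));
  try {
    const body = frame.subarray(HEADER_LEN, frame.length - TAG_LEN);
    const pt = Buffer.concat([d.update(body), d.final()]);
    lastSeen.set(senderId, counter); // advance only after the tag verifies
    return pt;
  } catch (e) {
    return null; // tag mismatch: header or payload altered, or wrong key
  }
}
```

Without the `setAAD(header)` call the payload would still be confidential, but an intermediary could rewrite the message type or sender in the plaintext header without detection.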