AWS IoT Best Practices

Hello,

Understanding that Particle doesn’t provide HTTPS/TLS (even the lighter-weight elliptic curve crypto), it seems we’re left with webhooks to hit configured AWS endpoints.

Security is a hugely important thing for our customers, as I am sure many of yours. I am wondering what documentation / best-practices are out there?

In our particular case, we just need to be able to pub/sub MQTT topics…

There’s a decent-looking (community) library for that available for Particle which is fine, but for the fact that it is looking for username/password…so I presume there’s a technique for not hard-coding these in firmware.

Irrespective of that hard-coding question, AWS requires a significantly more secure mechanism to be able to access MQTT topics within their IoT platform (that or I’m not aware of a less-secure mechanism).

I welcome insights and discussion!

You can use the EEPROM emulation as part of a configuration process to store and manage some values.

https://docs.particle.io/reference/firmware/photon/#eeprom
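The EEPROM approach above in code, as an added example that is not Particle's code or the MQTT library's: a credential record with a magic value, a layout version and a CRC-32, so firmware can tell an unprovisioned device (erased flash reads 0xFF) from a valid or a corrupted record instead of trusting whatever bytes happen to be there. A RAM buffer stands in for the Photon's emulated EEPROM so it runs on a PC; the CRED_* names, the marker value and the username/password are assumptions made up for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define CRED_MAGIC    0x43524431u  /* arbitrary marker, assumed for this example */
#define CRED_VERSION  1u
#define CRED_MAX_USER 64
#define CRED_MAX_PASS 128
#define EEPROM_SIZE   2047         /* emulated EEPROM size on the Photon */

enum { CRED_OK = 0, CRED_UNPROVISIONED = -1, CRED_BAD_VERSION = -2, CRED_BAD_CRC = -3 };

/* Layout of one credential record, stored at EEPROM offset 0. */
typedef struct {
    uint32_t magic;                   /* CRED_MAGIC once provisioned */
    uint8_t  version;                 /* record layout version */
    uint8_t  reserved[3];             /* keeps the struct 4-byte aligned, always zero */
    char     username[CRED_MAX_USER]; /* NUL-terminated */
    char     password[CRED_MAX_PASS]; /* NUL-terminated */
    uint32_t crc;                     /* CRC-32 over every field above */
} cred_record_t;

/* RAM buffer standing in for the device's EEPROM. On a Photon the memcpy()
 * calls in cred_store()/cred_load() would be EEPROM.put(0, rec) / EEPROM.get(0, rec). */
static uint8_t fake_eeprom[EEPROM_SIZE];

/* Erased flash reads as 0xFF; emulate that. */
static void eeprom_erase(uint8_t *eeprom, size_t n) { memset(eeprom, 0xFF, n); }

/* Plain CRC-32 (IEEE, reflected, polynomial 0xEDB88320). */
static uint32_t crc32_ieee(const uint8_t *p, size_t n) {
    uint32_t crc = 0xFFFFFFFFu;
    for (size_t i = 0; i < n; i++) {
        crc ^= p[i];
        for (int k = 0; k < 8; k++)
            crc = (crc >> 1) ^ (0xEDB88320u & (0u - (crc & 1u)));
    }
    return crc ^ 0xFFFFFFFFu;
}

/* Provision a record. Returns 0, or -1 if a field does not fit. */
static int cred_store(uint8_t *eeprom, const char *user, const char *pass) {
    cred_record_t rec;
    if (strlen(user) >= CRED_MAX_USER || strlen(pass) >= CRED_MAX_PASS) return -1;
    memset(&rec, 0, sizeof rec);           /* zero the padding so the CRC is deterministic */
    rec.magic = CRED_MAGIC;
    rec.version = CRED_VERSION;
    strcpy(rec.username, user);
    strcpy(rec.password, pass);
    rec.crc = crc32_ieee((const uint8_t *)&rec, offsetof(cred_record_t, crc));
    memcpy(eeprom, &rec, sizeof rec);
    return 0;
}

/* Read and validate the record; only trust the strings when CRED_OK is returned. */
static int cred_load(const uint8_t *eeprom, cred_record_t *out) {
    memcpy(out, eeprom, sizeof *out);
    if (out->magic != CRED_MAGIC) return CRED_UNPROVISIONED;   /* never written, or erased */
    if (out->version != CRED_VERSION) return CRED_BAD_VERSION; /* older firmware layout */
    if (crc32_ieee((const uint8_t *)out, offsetof(cred_record_t, crc)) != out->crc)
        return CRED_BAD_CRC;                                   /* corrupted or half-written */
    out->username[CRED_MAX_USER - 1] = '\0';                   /* belt and braces for strlen() users */
    out->password[CRED_MAX_PASS - 1] = '\0';
    return CRED_OK;
}

int main(void) {
    cred_record_t rec;
    eeprom_erase(fake_eeprom, sizeof fake_eeprom);
    printf("fresh device: %d\n", cred_load(fake_eeprom, &rec));
    cred_store(fake_eeprom, "photon-01", "correct horse battery staple"); /* constructed values */
    if (cred_load(fake_eeprom, &rec) == CRED_OK) printf("user=%s\n", rec.username);
    fake_eeprom[10] ^= 0x01;                                   /* simulate one corrupted byte */
    printf("after corruption: %d\n", cred_load(fake_eeprom, &rec));
    return 0;
}
```

The CRC catches flash corruption and a half-written record, not an attacker: the emulated EEPROM is ordinary flash, and anyone who can read it gets the credentials in the clear. What this buys you is that the secrets are no longer in the firmware image you build and distribute, which is the hard-coding problem the question raises.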

I would very much like a "safe" integration of the Photon with MQTT, but I have not yet seen one of this type.
However, Particle Cloud already integrates with Google Cloud Platform:
https://docs.particle.io/tutorials/topics/google-cloud-platform/

In my opinion, an integration with AWS would also be very interesting.
For now, when I have to exchange MQTT messages, I use one or more servers that read the Particle event stream and then push the data via MQTT.
https://docs.particle.io/reference/api/#events
The same thing would be feasible using WebHooks.

So it seems like the way to do this is to use code that is based on Amazon’s AWS embedded C SDK, changing the code to use byte arrays of your certificates rather than giving it file locations of the certs and then loading them from disk.

The AWS IoT Embedded C SDK uses mbed TLS, same as the Particle Firmware, so it might just be a simple matter for someone with sufficient motivation and skill to get this shoved into a Particle library.

I personally don’t have the C chops to do it, and I’m hoping that someone reading this at some point does.
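For the byte-array approach described in the post above, an added example that is not code from the AWS IoT Embedded C SDK or from Particle: a root CA embedded as a string array, plus a check that the buffer is in the shape mbed TLS expects. mbedtls_x509_crt_parse() treats its input as PEM only when the last byte of the buffer is the terminating NUL, so the length handed to it must be sizeof the array, not strlen() of it. The PEM here is constructed (its body is the base64 of a 5-byte DER SEQUENCE, not a real certificate) so the example builds and runs without mbed TLS; the function names are mine.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Certificate compiled into the image instead of read from a file system.
 * CONSTRUCTED placeholder: "MAMCAQE=" decodes to 30 03 02 01 01, a DER
 * SEQUENCE containing INTEGER 1. A real root CA would go here verbatim. */
static const char root_ca_pem[] =
    "-----BEGIN CERTIFICATE-----\n"
    "MAMCAQE=\n"
    "-----END CERTIFICATE-----\n";

/* Length to pass to mbedtls_x509_crt_parse(): the NUL terminator is part of it. */
#define PEM_LEN_FOR_MBEDTLS(arr) (sizeof(arr))

static int b64_val(char c) {
    if (c >= 'A' && c <= 'Z') return c - 'A';
    if (c >= 'a' && c <= 'z') return c - 'a' + 26;
    if (c >= '0' && c <= '9') return c - '0' + 52;
    if (c == '+') return 62;
    if (c == '/') return 63;
    return -1;
}

/* Decode the base64 body between the armour lines into out.
 * Returns the DER length, or -1 if the armour is missing, the body is not
 * base64, it overflows out, or it is not a DER SEQUENCE (tag 0x30), which is
 * what an X.509 Certificate must start with. */
static int pem_to_der(const char *pem, uint8_t *out, size_t out_cap) {
    static const char begin[] = "-----BEGIN CERTIFICATE-----";
    static const char end[]   = "-----END CERTIFICATE-----";
    const char *p = strstr(pem, begin);
    if (p == NULL) return -1;
    p += sizeof begin - 1;
    const char *e = strstr(p, end);
    if (e == NULL) return -1;

    uint32_t acc = 0;
    int bits = 0;
    size_t n = 0;
    for (; p < e; p++) {
        if (*p == '\n' || *p == '\r' || *p == ' ') continue;  /* line wrapping */
        if (*p == '=') break;                                  /* padding ends the body */
        int v = b64_val(*p);
        if (v < 0) return -1;
        acc = (acc << 6) | (uint32_t)v;
        bits += 6;
        if (bits >= 8) {
            bits -= 8;
            if (n >= out_cap) return -1;
            out[n++] = (uint8_t)((acc >> bits) & 0xFFu);
        }
    }
    if (n == 0 || out[0] != 0x30) return -1;
    return (int)n;
}

/* Sanity-check an embedded PEM before handing it to mbed TLS. array_size is
 * sizeof() of the string array. Returns that size (the buflen to pass on),
 * or -1 if the NUL is missing (the strlen() mistake) or the body is bad. */
static int embedded_pem_check(const char *pem, size_t array_size) {
    uint8_t der[4096];
    if (array_size == 0 || pem[array_size - 1] != '\0') return -1;
    if (pem_to_der(pem, der, sizeof der) < 0) return -1;
    return (int)array_size;
}

int main(void) {
    uint8_t der[4096];
    int der_len = pem_to_der(root_ca_pem, der, sizeof der);
    int buflen  = embedded_pem_check(root_ca_pem, PEM_LEN_FOR_MBEDTLS(root_ca_pem));
    printf("DER bytes: %d, buflen for mbed TLS: %d\n", der_len, buflen);
    /* On the device the next step would be:
     * mbedtls_x509_crt_parse(&cacert, (const unsigned char *)root_ca_pem,
     *                        PEM_LEN_FOR_MBEDTLS(root_ca_pem)); */
    return 0;
}
```

The same pattern applies to the device certificate and private key the SDK's network layer loads alongside the CA: each becomes a string array, and each is passed with its sizeof. Passing strlen() instead makes mbed TLS try to parse the text as DER and fail, which is the most common thing that goes wrong when porting file-based SDK code to embedded buffers.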