Is there any documentation on information security wrt the Particle Cloud and Particle devices?
Q1. I don’t believe that SSL is used between device and Particle Cloud. Is the traffic encrypted in any way?
Q2. I understand that events, function call requests and the like are not stored (good), but are there logs in play within the Particle Cloud that could store traffic (bad)?
Q3. Does Particle intend to publish an “official” cryptographic library? I note that there is a library called CRYPTOSUITE, but I have not assessed this as yet.
As Q1 is probably no and Q2 probably yes, to provide an environment that protects specific data, would need to implement Public Private Key Encryption/. I note that device firmware can be pulled from a device using DFU (and therefore potentially discover keys), so this why symmetric keys should not be used.