OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

mqtt message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Re: [mqtt] Reviewing the kickoff material ...

Hi Paul,

Many thanks for your questions. Responses under headed sections below.


Client and server library size can vary depending on the level of functionality they include and the OS they are implemented for.
As a guide, the Open source Paho C clients are between 60k and 100k of compiled code, and the Paho Java client jar is 106k. IBM ships a 53k Java client jar with WebSphere MQ. A minimal server implementation could be in the region of 100k of compiled code.


The 3.1 spec itself contains provision for a userid/password and can be used over a TLS/SSL channel. The charter reflects the view that it is better to compose MQTT with existing proven security technology, rather than to add further MQTT-specific security features.  As you say,  security is very important in many applications of MQTT, and we should consider including security considerations guidance in the MQTT best practices paper.

Best regards


Richard Coppen CEng FBCS  IBM United Kingdom
Software Engineer  Hursley Park
WebSphere MQ  Winchester
     SO21 2JN
Phone: +44 (0)1962 817164  England
e-mail: coppen@uk.ibm.com  
blog: testingblues.com  

From:        Paul Duffy <paduffy@cisco.com>
To:        mqtt@lists.oasis-open.org,
Date:        05/04/2013 23:13
Subject:        [mqtt] Reviewing the kickoff material ...
Sent by:        <mqtt@lists.oasis-open.org>


A couple questions.

- Footprint. One of the decks speaks to "Tiny footprint MQTT client (and
server) libraries e.g. a c client lib in 30Kb and a Java lib in 64Kb ".  
Much appreciated if I could be pointed to more detail re: client and
server footprint for Java, C, etc. impls.

- Security.  The charter identifies the issue as out of scope beyond
what's in the 3.1 submission.  Best I can tell, 3.1 briefly discusses
username/password?  Does this effort intend to offer the equivalent of
IETF Security Considerations guidance?  I ask this as it seems MQTT is
headed for critical infrastructure, and thus security is a huge issue.


To unsubscribe from this mail list, you must leave the OASIS TC that
generates this mail.  Follow this link to all your TCs in OASIS at:

Unless stated otherwise above:
IBM United Kingdom Limited - Registered in England and Wales with number 741598.
Registered office: PO Box 41, North Harbour, Portsmouth, Hampshire PO6 3AU

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]