Introducing the SAFEthing Framework: Secure Access For Everything


Any thoughts on this @bochaco ?


From what I can get from that documentation, it sounds really cool in terms of trying to make it easy for devs to create apps and integrate them into an IoT network, a network which in turn integrates itself to LoRaWAN.
So if you need to be able to connect thru radio seems to be a nice thing, it seems you just buy one of those gateways and you are good to go.
I can imagine having LoRaWAN gateways which can connect devices to the SAFE Network as well, just one of the options as meshnets will be, I presume…?

However, I still see the same problems as with other existing IoT networks/protocols, e.g.:

  • “user accounts are stored in the account server. These accounts are identified by a username or e-mail address and protected by a password.”: a server for auth/accounts and permissions to apps, we know what that means. It’s mentioned that there is e2e encryption, will that be affected if I can hack one of the servers holding users/accounts/permissions info?

  • “The preferred option is to connect to the public community network hosted by The Things Network Foundation or its partners. In this case the Application connects to a Public Community Network Handler, usually using the MQTT API.”: more servers, the network seems to be simply a network of servers with some personas/agents (Broker, Handler, etc.), they mention you can have a private network as well and we can imagine the costs for such a thing to maintain and secure it. I suppose such a network can be sensored or even shut-down quite easily as well, right?

  • I don’t see how you can have full anonimity, I don’t see how I can have a device which I plug into that network and which can connect to any other device on the planet without needing to expose my devices’ IPs, or even exact location (it sounds that to be able to receive downlink messages in LoRa you may have to be exposing the device’s exact location to the rest of the network, not sure though).

  • The same concern of anonimity for applications, I don’t see how you can deploy aplications totally anonymously, from what I get you’ll have to have a server to host it, and the network needs to be aware of the devices that are linked/associated to the app/s…?

I’m not sure also about the costs, perhaps it’s not a big deal for companies, but how much money I’ll need for hosting my app and having access to the network? what if I want to use it once a year only…

@goindeep, I’m not an expert on this, but that’s what comes up to my head when reading those docs, so just thinking out loud here. I do like they are abstracting devs from the network topology and complexity of the comm though.

BTW, it’ll be really good to get other people’s analysis here as well.