We are working on connecting mesh nodes to Amazon Web Services. Mesh nodes are by nature constrained devices and we can't afford to run MQTT on those nodes directly (TCP is too expensive).
Our approach would be to use CoAP for the mesh, but it would be ideal if we could connect those nodes directly to AWS for security reasons and node management from the cloud.
AWS supports HTTP but not CoAP directly. From what we have gathered, CoAP is very similar to HTTP. It also uses similar security mechanisms (DTLS vs TLS).
Has anyone tried this? Is it possible that a simple CoAP to HTTP proxy would be capable of maintaining a secured session between a CoAP device and an HTTP broker on AWS?
Unfortunately I can't tell anything about proxies (except that the approach seems somewhat clunky at first view).
But before that, can you afford DTLS on your mesh nodes?
For example, you will need a good and fast random source.
Every handshake will require generating a 32-byte random "cookie".
Assume we use pre-shared keys and AES128 with CCM8 (since there could be no point in using something simpler):
Every CoAP packet will be encrypted and extended by:
DTLS header: 13 bytes
Nonce: 16 bytes
Also you will need to store a few packets during a handshake (I can't tell the exact size but I suppose it is hundreds of bytes).
Anyway, it depends on what security level you want to get.