Robot Not a Dev? Pre-order Now
Not a Dev?

Misty Community Forum

Misty running services on unencrypted ports

Out of curiosity I note that the bot has non encrypted ports open when running. Is there any plan to offer a token or other layer of authentication to the bot, and/or implement encrypted communication?

for reference, there has been some prior discussion about this at URL injection for fun and profit

I am not on the Misty team, but I can comment that the main technical difficulty here is not encryption per se, but rather installing a x509 certificate signed by a valid certificate authority on the robot. This is difficult because it requires:

  1. a public name (e.g., that will resolve to an address on your local network;
  2. some protection against theft of the certificate from the robot.

We’ve been discussing the best ways to enable this, might be a good chance for @Jeremy, our Head of Product to chime in!