Dollar topic clarification

[simonthum]

Hi,

I just verified that, as mentioned in #2111, dollar topics can be published to by clients. They behave exactly as I would like, that is, the subscription has to contain the dollar segment characters otherwise a subscription will not match. But that is true for the first segment only, which I find kind of weird. I am using Mosquitto 1.6.x.

If all segments would show that behaviour, messages could be protected using shared secrets, reducing the need to write ACLs and offering more flexibility for sensitive applications. This is obviously compatible with $SYS as long as no dollar sub-topics exist.

Since dollar topic behaviour is largely left to the implementor, I suspect other brokers implement that logic irrespective of the segment index already.

Is this possible in Mosquitto? Or do you consider current behaviour buggy wrt the dollar sign?

[ralight]

I don't believe the dollar behaviour to be buggy. I have taken the view that a new dollar topic effectively creates a new tree, but otherwise the behaviour remains the same across all topics. Changing the behaviour so that dollar topics do not match with wildcards would be contrary to the behaviour of the rest of the spec. I do see the point you're making though. Perhaps having a broker specific $SECRETS/ topic tree, or similar that didn't match on wildcards would be an interesting addition.

I would also point you to the lines in the v5 spec Applications cannot use a topic with a leading $ character for their own purposes and The Server SHOULD prevent Clients from using such Topic Names to exchange messages with other Clients. Mosquitto doesn't prevent you from using dollar topics, but it's clear the spec isn't entirely keen on that.

[simonthum]

Thanks for your insights and clarifications!

I will find some other way to deal with security, I'm closing this issue.