DEVELOPERS BLOG

HTTPS/TLS versus BlackBerry Spark Communication Service

FEATURE STORIES / 10.22.19 / Ed Bourne

I’m often asked “Why use BlackBerry Spark Communications Services SDK (*CS) over HTTPS/TLS”?  It comes up often enough I thought this might make a useful blog post.

TLS (or in the past SSL) is the first place most developers go when they want to secure web traffic.  HTTPS based web hosting or file transfers is the bulk of the internet these days (please tell me you're not using HTTP!)

Comparing *CS to TLS isn’t completely fair, because *CS includes all sorts of additional benefits that TLS requires you manage and control.  But that is also the point of why you should look at *CS. 

Here is a table to summarise the benefits of *CS over TLS.                                            

Spark Communications Service SDK

TLS

Encryption is built in, no extra purchase required.

Requires endpoints to have SSL certificates (yes that’s correct, we still call these SSL certs, not TLS certs)

All encryption is managed in channel for a given domain.

Certs must be either shared out of channel (ie self signed) or from a certified ROOT cert

manages encryption for you, no additional management required by developer (or user).

No PKI infrastructure required.

1.     Must manage CERTS yourself. (are they expired, etc)

2.     You are responsible for choosing robust security key, reliable CA, etc.

3.     Requires PKI infrastructure to support.

End to End (E2E) encrypted

Only data in transit is encrypted, terminates at server.  If stored at server, additional work to secure required.

Strong hashing (SHA-512 and Argon2id) by default

Options of ECC, RSA, DSA encryption[MS1]

Connections are ALWAYS guaranteed to be encrypted.

Can fall back from HTTPS to HTTP, which is NOT secure.

Spark plug in available for browsers, Node.js, with a simple download.

TLS built into Browsers, Node.js, etc

BlackBerry manages its own plugin, you can be sure security is most up-to-date available.

All Vendors must update browsers, etc for latest releases and fixes.

Security is tested and supported by BlackBerry for government, regulated and other industries.

 ??????

Is a hardened SDK from a framework that  has been in this space for over a decade[MS2] .

TLS 1.2 is the latest rev commonly in use, evolved from earlier SSL.

 

 


Additional Features

Spark Communication Service SDK provides several additional features, it’s not just a request/response protocol that HTTPS/TLS code is used for.

Its also a does Publish/Subscribe Services, Real time Chat, Voice and Video with support for notifications.   If your interested in Chat, for example, we have attention to details such as digitally signed messages on a per message basis, not just per session.

There is a lot more to this great tool, have a look at it all here or if you want to dive right in, the SDK is found here.

Ed Bourne

About Ed Bourne

Ed Bourne brings over 10 years of experience in mobility as a Sr. Enterprise Solutions Manager at BlackBerry. Ed manages the technical partnerships with some of our largest Strategic Partners and Customers, helping to foster BlackBerry expertise and bring a compelling mobile experience to our joint customers.