Mender vs Uptane

Hello,

I have been evaluating some of the open-source products for secure OTA and got stuck on “OTA Community edition, aktualizr” and mender.io.
Could you please help me to choose Mender here :) How is Mender better than the other one?
Is Mender also based on Uptane?

Thanks,
Abhilash.

Hello @abhilash-kv,

thanks a lot for your interest. From a very high-level perspective I would say the main differences are:

  1. Uptane is highly focused on ground vehicles - that's its mission statement, whereas Mender is a solution for the whole IoT product space.
  2. The Uptane/aktualizr combination that you mentioned seems not to offer any hosted or ready-to-go offerings. With Mender, you can start right away using a free account, and gradually upscale on the go, all the way to running your whole infrastructure on premise if needed.

For specific needs a more detailed comparison might be needed, but from an initial starting point I would say: give Mender a try. :)

If you have more questions, feel free to reach out.

Greetz,
Josef

Hi Josef,

Thanks for the quick response. Yes, agreed, the deployment was faster when I tried mender.io open source compared to aktualizr.

One more question:

  • From a security standpoint, how about Mender? What's the protocol used for delivering the payload?

Thanks,
Abhilash.

Hi @abhilash-kv,

the transfer protocol between client and server is HTTPS. So the data payload is encrypted, and the origin is authenticated. For additional verification, you can opt in to signing of the payload that you are creating and deploying.

Greetz,
Josef

Hi Josef,

So except for transport layer security, you are not providing any security for the payload by default?

Thanks,
Abhilash.

@abhilash-kv

Well, of what kind of “security” are you thinking? Any specific requirements you need to fulfill? It's hard to give a good answer here because I don’t know what you expect. Just try to elaborate on your use case a bit and then I can relate it to what we are offering.

Greetz,
Josef

If I recall, it uses certificate-based client/server authentication, for which you need to authorise/pre-authorize the devices server side.

There is also the mTLS authentication available. But as the original question was explicitly about the “protocol of delivering the payload”, I would need more input on what might be needed beyond HTTPS-provided encryption and authentication.

Greetz,
Josef