End-to-end Security for Connected Devices

2015-02-03 by tamberg

The Yaler relay service has supported SSL/TLS encryption since day one. An embedded device publishes itself over a secure connection to the relay, where a client can then access it over HTTPS. So far, connections have been secured point-to-point. Both the device and the client side receive the relay server's SSL certificate.

Today we announce a second option: end-to-end encryption, from the client to the device. Based on SNI, an extension of TLS that allows a server to return a specific certificate for each subdomain, the client now gets the SSL server certificate stored on the device. The relay can no longer see unencrypted traffic, not even in theory.

To enable end-to-end encryption for your devices, contact tamberg@yaler.net