1) It's got to be secure. Whether through RSA key exchange; hosting a secure server and passing info that way.
2) It's got to fit on an ESP8266 (obviously)!
3) Crypto is hard. In my opinion, unless you are not 100% of your crypto capabilities, you shouldn't code your own solution. I'm looking at a commercial product, so I need something tried and tested.
What's available right now. How are other people doing it? Or do I just have to sick it up and put a few weeks aside to code it up myself? Rather not. Too busy baking loaves to stop and grind my own flour.