[zeromq-dev] EncryptedSocket added to pyzmq in branch
Mikael Helbo Kjær
mhk at designtech.dk
Tue Nov 2 12:44:21 CET 2010
Ah a lot of insightful replies. And yes I understand that 0mq is not about security nor should it be, it is a scalability/messaging library with the sanest API that I've encounter for a long time. I think that some combination of an encrypted channel for secure key exchange along with message encryption is the best way to do it all, but that the key exchange and message encryption later belongs in the application never in 0mq, while the initial encrypted channel is for the negotiation of the keys just as you've all probably long known.
Burak thanks for clearing up what you meant with regards to Rogue Clients.
And Pieter thanks for the very complete reply and I more than understand that your time is limited with regards to documentation (which is hard and I find that compared to the crap documentation of many Open Source projects 0mq is already ahead just by your intent of documenting it and the quality of what has already been produced). In fact everyone on this list should lauded for the excellent quality of the discourse and the willingness to understand each other. It is a big asset.
I would suggest one thing as security will only increasingly become something asked about on this list, there should be a bit of focus on making the example of a security mechanism a priority for the guide. I know I'd appreciate a push in the right direction when the networking code turns up again on my backlog.
More information about the zeromq-dev