[zeromq-dev] Authenticated pubsub (was Access control)

Martin Sustrik sustrik at 250bpm.com
Sun Aug 1 21:36:45 CEST 2010


Burak Arslan wrote:

> i see two ways to add security to pub/sub model:
> 
> 1) let anybody subscribe to any stream, but distribute decryption keys
> to only authenticated people (using 0mq or not). many key distribution
> schemes that address various needs exist. this will work without any
> change to the zeromq protocol. (same has here:
> http://lists.zeromq.org/pipermail/zeromq-dev/2010-July/004670.html just
> don't invent your own key distribution scheme)

+1

End-to-end security seems the only scheme viable in the environment 
where no intermediate node in the distribution tree can be trusted (i.e. 
on Internet).

If you (the publisher) delegate the authority to the middle node you may 
well end up with you data stolen.

Martin



More information about the zeromq-dev mailing list