[zeromq-dev] Authenticated pubsub (was Access control)
Martin Sustrik
sustrik at 250bpm.com
Sun Aug 1 21:36:45 CEST 2010
Burak Arslan wrote:
> i see two ways to add security to pub/sub model:
>
> 1) let anybody subscribe to any stream, but distribute decryption keys
> to only authenticated people (using 0mq or not). many key distribution
> schemes that address various needs exist. this will work without any
> change to the zeromq protocol. (same has here:
> http://lists.zeromq.org/pipermail/zeromq-dev/2010-July/004670.html just
> don't invent your own key distribution scheme)
+1
End-to-end security seems the only scheme viable in the environment
where no intermediate node in the distribution tree can be trusted (i.e.
on Internet).
If you (the publisher) delegate the authority to the middle node you may
well end up with you data stolen.
Martin
More information about the zeromq-dev
mailing list