[zeromq-dev] zeromq and crypto?
Martin Sustrik
sustrik at 250bpm.com
Sat Aug 21 07:59:10 CEST 2010
Benjamin,
> Is there a recommended way to secure the underlying zeromq
> communication with crypto?
>
> Given a N:M publishers and subscribers,
>
> 1. Should apps establish connections point to point between each N and
> M using something like stunnel, which zeromq can then use the tcp
> transport over?
In most cases it's better to add a central node to the topology. So that
subscribers don't have to know about publishers or vice versa.
> 2. Is vpn a better idea? (I guess this only really works if a customer
> is able to do this).
Secure tunnel as well as VPN are OK as far as I can tell.
> 3. Should apps, instead, use crypto libraries to secure the zeromq message body?
Yes. End-to-end encryption allows for untrusted middle nodes.
It would also make sense to create an ecryption wrapper library on top
of 0MQ.
> 4. Is there a zeromq transport in the works, ie tcps, for secure connections?
> s.connect("tcps://example.com:5555")
No. It isn't.
> Has anyone tried any of the above? I'd love to hear your experiences,
> and any issues with stability and/or performance.
Martin
More information about the zeromq-dev
mailing list