[zeromq-dev] zeromq and crypto?
benjaminlyu at gmail.com
Sat Aug 21 18:31:57 CEST 2010
Martin, thanks for response.
I'm going to add a central node with stunnels until I get a crypto lib
integrated into my app. :)
On Fri, Aug 20, 2010 at 10:59 PM, Martin Sustrik <sustrik at 250bpm.com> wrote:
>> Is there a recommended way to secure the underlying zeromq
>> communication with crypto?
>> Given a N:M publishers and subscribers,
>> 1. Should apps establish connections point to point between each N and
>> M using something like stunnel, which zeromq can then use the tcp
>> transport over?
> In most cases it's better to add a central node to the topology. So that
> subscribers don't have to know about publishers or vice versa.
>> 2. Is vpn a better idea? (I guess this only really works if a customer
>> is able to do this).
> Secure tunnel as well as VPN are OK as far as I can tell.
>> 3. Should apps, instead, use crypto libraries to secure the zeromq message
> Yes. End-to-end encryption allows for untrusted middle nodes.
> It would also make sense to create an ecryption wrapper library on top of
>> 4. Is there a zeromq transport in the works, ie tcps, for secure
> No. It isn't.
>> Has anyone tried any of the above? I'd love to hear your experiences,
>> and any issues with stability and/or performance.
More information about the zeromq-dev