[zeromq-dev] zeromq and crypto?

Benjamin Yu benjaminlyu at gmail.com
Sat Aug 21 18:31:57 CEST 2010


Martin, thanks for response.

I'm going to add a central node with stunnels until I get a crypto lib
integrated into my app. :)

Thanks,
Ben

On Fri, Aug 20, 2010 at 10:59 PM, Martin Sustrik <sustrik at 250bpm.com> wrote:
> Benjamin,
>
>> Is there a recommended way to secure the underlying zeromq
>> communication with crypto?
>>
>> Given a N:M publishers and subscribers,
>>
>> 1. Should apps establish connections point to point between each N and
>> M using something like stunnel, which zeromq can then use the tcp
>> transport over?
>
> In most cases it's better to add a central node to the topology. So that
> subscribers don't have to know about publishers or vice versa.
>
>> 2. Is vpn a better idea? (I guess this only really works if a customer
>> is able to do this).
>
> Secure tunnel as well as VPN are OK as far as I can tell.
>
>> 3. Should apps, instead, use crypto libraries to secure the zeromq message
>> body?
>
> Yes. End-to-end encryption allows for untrusted middle nodes.
>
> It would also make sense to create an ecryption wrapper library on top of
> 0MQ.
>
>> 4. Is there a zeromq transport in the works, ie tcps, for secure
>> connections?
>> s.connect("tcps://example.com:5555")
>
> No. It isn't.
>
>> Has anyone tried any of the above? I'd love to hear your experiences,
>> and any issues with stability and/or performance.
>
> Martin
>



More information about the zeromq-dev mailing list