[zeromq-dev] SASL support?

Adrian von Bidder avbidder at fortytwo.ch
Mon Jan 25 15:13:33 CET 2010


On Monday 25 January 2010 14.15:35 Martin Sustrik wrote:
> I am in no way a security expert, that's why I would prefer others to 
> discuss the issue :)

AOL!!1!
 
> Anyway, my feeling is that there are solutions that do security on the 
> networking level (IPsec). Using such solutions would allow us to do with 
> no or very thin security support in 0MQ itself AFAIU.

From an application programmer's perspective, I'm not sure the network level 
is the right place for all of this.  Especially authentication (encryption 
possibly less so) is often tightly coupled to authorization (key / token / 
passowrd / ... management based on software component / user / ...) which, 
to me, would suggest a layer that sits between 0MQ and the application.

Either way: it might be good for 0MQ to explicitly state that it doesn't 
care about security by itself, but concentrates on getting the bytes over 
the network fast.  Together with pointers to solutions that implement 
security, this should keep 0MQ thin - depending on application, varous 
securrity strategies are obviously possible, and supporting them all would 
only bloat 0MQ (... until it becomes yet another of these huge enterprisey 
middlewares ... ;-)

Just my CHF .02

cheers
-- vbi


-- 
To me vi is Zen.  To use vi is to practice zen. Every command is a koan.
Profound to the user, unintelligible to the uninitiated.  You discover
truth everytime you use it.
        -- reddy at lion.austin.ibm.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 389 bytes
Desc: This is a digitally signed message part.
URL: <https://lists.zeromq.org/pipermail/zeromq-dev/attachments/20100125/a7421eb4/attachment.sig>


More information about the zeromq-dev mailing list