[zeromq-dev] Fwd: Access control

Pieter Hintjens ph at imatix.com
Tue Jul 27 19:27:29 CEST 2010


On Tue, Jul 27, 2010 at 7:18 PM, Martin Sustrik <sustrik at 250bpm.com> wrote:

> As for real solution the only way to have authenticated pub/sub IMO is
> to encrypt messages on publisher and decrypt them on terminal
> subscriber. (All the intermediate untrusted nodes would just forward
> encrypted data.)

This is indeed a sensible design for secure multicast but IMO does not
scale for Internet use.  For one thing you need to create as many
endpoints as you have access types.  That works for LAN market data
cases and it's a design I'm depending on for the data plant I'm
working on.  It does not scale however.

I'm going to post a design proposal for authenticated pubsub and
custom routing over request-reply, which I think answers Oliver's use
case.

-Pieter



More information about the zeromq-dev mailing list