[zeromq-dev] EncryptedSocket added to pyzmq in branch
Burak Arslan
burak.arslan at arskom.com.tr
Tue Nov 2 11:53:54 CET 2010
On 11/02/10 10:31, Min RK wrote:
> There's no encrypted bit or anything. This isn't 'Encrypted ZMQ', it's just an object that encrypts messages prior to sending them. Think of it more as a wrapper than anything. The messaging library has no sense of whether a message is encrypted or not, you have to specify that in user code:
>
> a.send(msg, encrypt=True)
> must be matched with:
> b.recv(decrypt=True)
>
> Otherwise b would just receive the encrypted buffer, which is perfectly valid, if for instance b is just going to relay it to c without looking at it, and c is the real destination.
>
>
objections:
1) this has nothing to do with zeromq. so it shouldn't be part of the
python zmq package. i suggest creating a package like zmq.patterns and
moving it there.
2) it can't tell ciphertext from plaintext. as previously mentioned,
this ability requires changes to the wire-protocol. if security-related
changes are to be introduced, i'd prefer to start at socket identity
signing. (a la dnssec) you can imagine that this is a HUGE can of worms,
and i think zeromq has many more security-related problems until we come
to that.
on a related note, i also strongly advise against simply using
encryption without signing because you can't detect data corruption. in
cbc-like encryption modes, this means one bit flip can corrupt the
entire message, and you won't be able to detect it.
3) it's redundant. decent serialization protocols already (properly)
support such schemes. see my previous post from a related thread.
so my vote is towards reverting that change, or at worst moving it to a
separate package.
regards
burak
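
The point in objection 2 about encrypting without an integrity check, as an added example that is not part of the original post or of pyzmq: a flipped ciphertext bit in a CBC frame decrypts without any error, while the same frame with an encrypt-then-MAC tag is rejected. Assumptions: the block cipher is a constructed 4-round Feistel toy standing in for a real cipher such as AES so the example needs only the standard library, HMAC-SHA256 is used as the integrity check where the post says "signing", and all function names are hypothetical.

```python
import hashlib
import hmac
import os

BLOCK = 16  # toy cipher block size in bytes

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _f(key, i, half):  # Feistel round function: truncated HMAC-SHA256
    return hmac.new(key, bytes([i]) + half, hashlib.sha256).digest()[:BLOCK // 2]

def _block(key, blk, decrypt=False):
    # 4-round Feistel network: a constructed stand-in for a real block cipher.
    left, right = blk[:BLOCK // 2], blk[BLOCK // 2:]
    for i in (range(3, -1, -1) if decrypt else range(4)):
        if decrypt:
            left, right = _xor(right, _f(key, i, left)), left
        else:
            left, right = right, _xor(left, _f(key, i, right))
    return left + right

def cbc_encrypt(key, plaintext):
    pad = BLOCK - len(plaintext) % BLOCK
    data = plaintext + bytes([pad]) * pad  # PKCS#7-style padding
    out = [os.urandom(BLOCK)]  # random IV is the first block of the frame
    for i in range(0, len(data), BLOCK):
        out.append(_block(key, _xor(data[i:i + BLOCK], out[-1])))
    return b"".join(out)

def cbc_decrypt(key, ct):
    blocks = [ct[i:i + BLOCK] for i in range(0, len(ct), BLOCK)]
    data = b"".join(_xor(_block(key, c, True), p) for p, c in zip(blocks, blocks[1:]))
    return data[:-data[-1]]  # strips padding; no integrity check of any kind

def seal(enc_key, mac_key, plaintext):
    # Encrypt-then-MAC: the tag covers the IV and every ciphertext block.
    ct = cbc_encrypt(enc_key, plaintext)
    return ct + hmac.new(mac_key, ct, hashlib.sha256).digest()

def open_sealed(enc_key, mac_key, frame):
    ct, tag = frame[:-32], frame[-32:]
    if not hmac.compare_digest(tag, hmac.new(mac_key, ct, hashlib.sha256).digest()):
        raise ValueError("authentication tag mismatch")
    return cbc_decrypt(enc_key, ct)

def flip_bit(frame, index):
    # Simulates corruption or tampering of one bit in transit.
    return frame[:index] + bytes([frame[index] ^ 1]) + frame[index + 1:]
```

Passing a `cbc_encrypt` frame through `flip_bit` and then `cbc_decrypt` returns altered bytes with no exception, whereas the same flip on a `seal` frame makes `open_sealed` raise `ValueError` before any decryption happens.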