[zeromq-dev] EncryptedSocket added to pyzmq in branch

Martin Sustrik sustrik at 250bpm.com
Sat Nov 13 08:53:16 CET 2010

Hi Burak,
> if the message destinations are signed, the "tries to read its own
> handwriting" (from the user guide) will become "reads and verifies that
> it was its own handwriting". please notice that this is in line with
> your "zeromq should run in untrusted environments" statement. i agree,
> and that's an improvement towards that goal.

I see. So what you are saying is that a REQ/REP node, when getting a 
reply, should verify that the "path back to the requester" contained in 
the reply was signed by itself, right?

> the email spam problem as we know it would not exist today, if smtp was
> properly set up with cryptography from day one. so when your ambitions
> include building an internet-scale messaging system, it's best to learn
> from past engineering mistakes of similar systems.

How can we possibly prevent spam in scenarios where there's no pairing 
between request and reply (say pub/sub)?

>> Finding shortest path is a functionality provided on IP level.
>> Implementing a duplicate functionality on 0mq level would be a bad
>> design choice.
> you misunderstand. let's say you've implemented dns over zeromq, and
> have server a responsible for zeromq.com and b is responsible for
> blog.zeromq.com and server c is responsible for static.blog.zeromq.com
> when there's a request for, say, 3.static.blog.zeromq.com, the a server
> can route it directly to c to speed things up. for that to happen, the
> whole routing information must be readable, and not just the next hop.
> it's after this decision that the routing infrastructure at the ip-level
> will do its job.

My point was that if there's a node on the path, such as 'b' in your 
example, it has a business-logic reason. Thus, it should never be 
avoided in such a way as passing message directly from 'a' to 'c'. For 
example, node 'b' can do some message transformation or somesuch.

Thus, if you want to get the 'shortest' path behaviour, you should 
deploy 0mq only on the endpoints while the middle nodes would operate 
only on IP level (routers).

> but, when i said this, i was just thinking out loud. so i don't think
> you should worry about this :)

It's an interesting discussion. Thanks for passing your thoughts to the 
mailing list. I may learn something about security myself this way :)
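
The check discussed above (a node verifying that the "path back to the requester" in a reply was signed by itself), sketched as an added example that is not part of the original post and is not code from pyzmq or the EncryptedSocket branch. The frame layout (path frames, tag frame, empty delimiter, body), the per-node secret `NODE_KEY` and the function names are assumptions made for illustration.

```python
import hashlib
import hmac
import os

# Assumption: a secret known only to this node, so only it can produce valid tags.
NODE_KEY = os.urandom(32)


def path_tag(key, path):
    """HMAC-SHA256 over the return-path frames."""
    mac = hmac.new(key, digestmod=hashlib.sha256)
    for frame in path:
        # Length-prefix each frame so [b"ab", b"c"] and [b"a", b"bc"] differ.
        mac.update(len(frame).to_bytes(4, "big"))
        mac.update(frame)
    return mac.digest()


def sign_envelope(key, path, body):
    """Build outgoing multipart frames: path..., tag, b"", body..."""
    return list(path) + [path_tag(key, path), b""] + list(body)


def verify_envelope(key, frames):
    """Split a reply into (path, body); raise ValueError if the path is not ours."""
    try:
        delim = frames.index(b"")  # identities and the tag are never empty
    except ValueError:
        raise ValueError("no envelope delimiter")
    if delim < 1:
        raise ValueError("missing tag frame")
    path, tag, body = frames[:delim - 1], frames[delim - 1], frames[delim + 1:]
    # Constant-time comparison avoids leaking how many tag bytes matched.
    if not hmac.compare_digest(tag, path_tag(key, path)):
        raise ValueError("return path was not signed by this node")
    return path, body


if __name__ == "__main__":
    # Constructed sample: a request routed for "client-7" via "broker-2".
    request = sign_envelope(NODE_KEY, [b"client-7", b"broker-2"], [b"ping"])
    print(verify_envelope(NODE_KEY, request))
    forged = [b"victim-1"] + request[1:]  # reply redirected to another peer
    try:
        verify_envelope(NODE_KEY, forged)
    except ValueError as exc:
        print("rejected:", exc)
```

The tag covers only the path, so a previously signed path can be replayed with a different body; binding it to a request id or nonce would be needed to pair a reply with one specific request.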

