[zeromq-dev] More security thoughts

Martin Sustrik sustrik at 250bpm.com
Wed Nov 17 09:15:07 CET 2010


Hi Brian,
> Summary: even if we can figure out how to make message level security 
> bulletproof, there are some serious performance issues.
>
Great analysis!

At the moment I see 2 solutions to the performance problem:

1. Create an inproc encrypting/decrypting device, send the messages 
through the device.

2. The one you proposed: Create a specialised "message encrypting 
transport" within 0MQ.

> Summary:  tunnels have a serious security hole in the "untrusted 
> localhost" environment.  Tunnels only work for securing remote 
> connections.
>
No idea how can this be solved. What about using virtual machines to 
achieve secury multitenancy?

Martin



More information about the zeromq-dev mailing list