[zeromq-dev] More security thoughts

Min RK benjaminrk at gmail.com
Wed Nov 17 17:22:20 CET 2010


On Nov 17, 2010, at 0:15, Martin Sustrik <sustrik at 250bpm.com> wrote:

> Hi Brian,
>> Summary: even if we can figure out how to make message level security 
>> bulletproof, there are some serious performance issues.
>> 
> Great analysis!
> 
> At the moment I see 2 solutions to the performance problem:
> 
> 1. Create an inproc encrypting/decrypting device, send the messages 
> through the device.

That would certainly work for C/C++, but unfortunately not in Python, since you don't really get any benefit from multiple Python threads that touch the GIL (by accessing any Python variables).

It could work in Python if the intermediate thread were entirely GIL-less C extension code.

> 
> 2. The one you proposed: Create a specialised "message encrypting 
> transport" within 0MQ.

We would be *super* excited to see an SSL/TLS transport or similar in 0MQ.

> 
>> Summary:  tunnels have a serious security hole in the "untrusted 
>> localhost" environment.  Tunnels only work for securing remote 
>> connections.
>> 
> No idea how this can be solved. What about using virtual machines to 
> achieve secure multitenancy?

A VM would certainly address the issue, but at a rather steep resource cost, particularly since the multiuser case it is meant to address means other programs can be expected to be running.

-MinRK

> 
> Martin
