[zeromq-dev] Encryption (OpenSSL/TLS)

Blair Bethwaite blair.bethwaite at monash.edu
Fri Oct 1 03:43:25 CEST 2010


On 1 October 2010 09:57, Steve Atkins <steve at blighty.com> wrote:
> Option 3 needn't be weak.

Sorry, I was a bit vague. And I'm no security expert! And new to zmq
so I'm just thinking about this in a very general sense as it applies to
the unsecured TCP that zmq is sitting on... I don't mean weak in the
sense that an eavesdropper could decrypt your "plans for world
domination" which are in the message payload, but weak in the sense
that they could still very well learn enough useful information about
your system to throw a spanner in the works.

Regarding replay, a malicious party might not necessarily be able to
replay in the sense of a full message exchange (that really depends on
what your payloads represent, e.g., sending a shadow password for a
higher level application layer could turn out badly), but might still
later re-transmit/spoof a valid message. The problem is, you have to
add a bunch of extra logic to your app to handle these eventualities
if you don't want a 'weak' solution. Which is, by the sound of it, what
you've done?

Cheers,
~Blair

-- 
Blair Bethwaite
Researcher, Developer, SysAdmin, Nimrod and Grid support specialist
Monash eScience and Grid Engineering Lab (http://www.messagelab.monash.edu.au/)
(+613) 9903 2800
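
The kind of extra application logic the message above refers to for re-transmitted or spoofed messages, as an added example that is not part of the original post or of zmq itself. It assumes a pre-shared key, a payload the application has already encrypted, and a single ordered stream per sender; the frame layout and the names seal, ReplayGuard and demo are hypothetical.

```python
import hashlib
import hmac
import struct

TAG_LEN = 32  # HMAC-SHA256 output size


def seal(key: bytes, sender_id: bytes, seq: int, payload: bytes) -> bytes:
    """Hypothetical frame: id_len (u8) | sender_id | seq (u64) | payload | tag."""
    header = struct.pack("!B", len(sender_id)) + sender_id + struct.pack("!Q", seq)
    tag = hmac.new(key, header + payload, hashlib.sha256).digest()
    return header + payload + tag


class ReplayGuard:
    """Receiver side: check the tag first, then require a strictly increasing
    sequence number per sender (assumes in-order delivery from each sender)."""

    def __init__(self, key: bytes):
        self.key = key
        self.last_seq = {}  # sender_id -> highest sequence number accepted

    def open(self, frame: bytes) -> bytes:
        if len(frame) < 1 + 8 + TAG_LEN:
            raise ValueError("short frame")
        body, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            raise ValueError("bad tag")  # forged or modified frame
        id_len = body[0]
        if len(body) < 1 + id_len + 8:
            raise ValueError("malformed header")
        sender = body[1:1 + id_len]
        (seq,) = struct.unpack("!Q", body[1 + id_len:1 + id_len + 8])
        if seq <= self.last_seq.get(sender, -1):
            raise ValueError("replayed or stale message")
        self.last_seq[sender] = seq  # only updated after authentication
        return body[1 + id_len + 8:]


def demo():
    key = b"constructed-demo-key-not-for-use"  # constructed sample key
    guard = ReplayGuard(key)
    first = seal(key, b"worker-1", 1, b"ciphertext-1")  # constructed sample frame
    results = [guard.open(first)]
    tampered = first[:-1] + bytes([first[-1] ^ 1])
    for frame in (first, tampered):  # exact re-transmission, then a modified copy
        try:
            results.append(guard.open(frame))
        except ValueError as exc:
            results.append(str(exc))
    return results
```

The counter table lives in memory, so a receiver restart forgets what it has already accepted unless the state is persisted or the key is rotated per session.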


