[zeromq-dev] Encryption (OpenSSL/TLS)
Martin Sustrik
sustrik at 250bpm.com
Fri Oct 1 08:13:33 CEST 2010
On 10/01/2010 03:43 AM, Blair Bethwaite wrote:
> Sorry, I was a bit vague. And I'm no security expert! And new to zmq
> so I'm just thinking about this in a very general sense as it applies to
> the unsecured TCP that zmq is sitting on... I don't mean weak in the
> sense that an eavesdropper could decrypt your "plans for world
> domination" which are in the message payload, but weak in the sense
> that they could still very well learn enough useful information about
> your system to throw a spanner in the works.
>
> Regarding replay, a malicious party might not necessarily be able to
> replay in the sense of a full message exchange (that really depends on
> what your payloads represent, e.g., sending a shadow password for a
> higher level application layer could turn out badly), but might still
> later re-transmit/spoof a valid message. The problem is, you have to
> add a bunch of extra logic to your app to handle these eventualities
> if you don't want a 'weak' solution. Which is, by the sound of it, what
> you've done?
That's an interesting line of thought. But on the other hand: Does it
differ in any way from how IP works?
Martin
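
The kind of extra application logic the quoted message refers to, as an added example that is not part of the original thread or of ZeroMQ: each frame carries a sequence number and an HMAC tag, so a re-transmitted or altered frame is rejected by the receiver. The frame layout, the names `seal` and `Receiver`, and the pre-shared key are assumptions; the payload is assumed to be already encrypted by the application, and frames are assumed to arrive in order, as they do over one TCP connection.

```python
import hashlib
import hmac
import struct

TAG_LEN = 32  # size of an HMAC-SHA256 tag in bytes
HDR_LEN = 8   # size of the big-endian sequence number


def seal(key: bytes, seq: int, payload: bytes) -> bytes:
    """Build a frame: sequence number | payload | HMAC over both."""
    header = struct.pack(">Q", seq)
    tag = hmac.new(key, header + payload, hashlib.sha256).digest()
    return header + payload + tag


class Receiver:
    """Accepts each authenticated sequence number once, in increasing order."""

    def __init__(self, key: bytes):
        self.key = key
        self.last_seq = -1  # highest sequence number accepted so far

    def open(self, frame: bytes) -> bytes:
        if len(frame) < HDR_LEN + TAG_LEN:
            raise ValueError("short frame")
        body, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        # Authenticate first, so a forged sequence number cannot
        # advance the counter and lock out the legitimate sender.
        if not hmac.compare_digest(tag, expected):
            raise ValueError("bad tag")
        (seq,) = struct.unpack(">Q", body[:HDR_LEN])
        if seq <= self.last_seq:
            raise ValueError("replayed or stale frame")
        self.last_seq = seq
        return body[HDR_LEN:]


if __name__ == "__main__":
    key = b"\x01" * 32  # constructed sample key, for illustration only
    rx = Receiver(key)
    frame = seal(key, 0, b"ciphertext-bytes")  # constructed sample payload
    print(rx.open(frame))  # first delivery is accepted
    try:
        rx.open(frame)     # the same bytes sent again
    except ValueError as err:
        print("rejected:", err)
```

The counter has to be kept per sender and per key, and it resets the protection if the key is reused after a restart with the counter back at zero.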