[zeromq-dev] Encryption (OpenSSL/TLS)

Pieter Hintjens ph at imatix.com
Fri Oct 1 10:17:40 CEST 2010


Seems to me that neither a VPN nor per-message security is desirable
because the first makes walk-up-and-use impossible, and the second
affects applications.

Forgetting multicast for a minute, could we not do TLS for TCP
connections by using devices, i.e. creating a VPN within the 0MQ
fabric itself?  I can get the same effect today by tunneling 0MQ over
HTTPS, so it's obviously doable.

Do we need to stretch an encrypted connection over arbitrary devices?
I'm not sure that's the real use case.  What I see is that unsecured
0MQ networks need encryption at the edges, where they speak to
external clients.

-Pieter


On Fri, Oct 1, 2010 at 8:11 AM, Martin Sustrik <sustrik at 250bpm.com> wrote:
> Brian,
>
>> The only
>> downside of this approach is that each network hop will have to
>> encrypt/decrypt the message.
>
> That's exactly the point IMO. It means that each intermediary box
> (device) would have to be trusted. Doing it that way you would basically
> disable using 0MQ as an internet-scale fabric.
>
> Martin



-- 
-
Pieter Hintjens
iMatix - www.imatix.com


