[zeromq-dev] Proposal for secure pub-sub

Thomas S Hatch thatch45 at gmail.com
Fri Jun 10 17:58:04 CEST 2011


On Fri, Jun 10, 2011 at 9:50 AM, Martin Sustrik <sustrik at 250bpm.com> wrote:

> On 06/09/2011 01:14 PM, Pieter Hintjens wrote:
>
> > I've posted a draft proposal for secure pubsub, here:
> > http://www.zeromq.org/topics:pubsub-security
>
> One interesting question is what if the subscribers are literally
> "subscribers" ie. paying for getting the feed. Once the subscription is
> not renewed they shouldn't be able to decrypt the messages.
>
> Martin
> _______________________________________________
> zeromq-dev mailing list
> zeromq-dev at lists.zeromq.org
> http://lists.zeromq.org/mailman/listinfo/zeromq-dev
>

Sorry gents, I have had a LOT on my plate lately, I need to carefully look
over this spec more.

The idea is that if the master sends a publication that the minion can't
decrypt, meaning the "feed" stopped, or changed, (aka, the AES key changed)
then the minion re authenticates to get the current AES key, hence coming
back to the crew so to speak.

The concern with DOS attacks is also addressed here, if the second
authentication returns a key that cannot decrypt the publication, or the
second authentication fails. Then the minion assumes that the master has
been compromised and shuts down.

I agree with Pieter, and intend to build it in, that the master AES key is
rotated on a configurable basis. This forcing regular re-authentication. But
I think that should stay configurable, some deployments might not see the
value.

-Thomas S Hatch
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.zeromq.org/pipermail/zeromq-dev/attachments/20110610/a6eddf77/attachment.htm>


More information about the zeromq-dev mailing list