[zeromq-dev] Has anyone actually implemented security?
aric at nsa.co.il
Thu May 19 07:35:58 CEST 2011
On May 18, 2011, at 5:38 PM, Christian Martinez wrote:
> I see suggestions but no actual details.
> I have gotten management intrigued about using ZeroMQ but the security question is now coming up strong.
> Would love to hear real stories of folks who’ve implemented something.
I think with high-performance systems of this type, adding a security layer can introduce inefficiencies/delays if done wrong, not to mention making the API more complex for newbies.
By the way, this is not uniquely ZMQ-related; the same goes for UDT if you take a look at section 18 of the spec (they mimic the same "security" as implemented in TCP):
You would usually implement security at another layer entirely, one where the IT guys know what they are doing (very fast VPNs, or just firewalls, etc., all depending on the scenario of course). Or you do it at the software level with encryption.
Personally, I see ZMQ, UDT and TCP as being in the same "family" of "products". Just like SSL is at a higher layer, and runs over TCP/UDP, it can similarly run over UDT and ZMQ, but it's up to you to implement it and encode the data prior to transmission, and you better leave ZMQ out of it, keeping it simple for those who use it in LAN environments, or those who simply couldn't care less about security because their scenarios allow for that.
So I guess if you need security, just use libssl and encrypt your data prior to transmission, or get your IT to take care of the problem for you :-)
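
The approach the message ends on, encrypting each message before it is handed to the transport, as an added example that is not part of the original post or of ZeroMQ. It uses AES-GCM from the Python `cryptography` package rather than libssl directly; the `Sender`/`Receiver` names, the frame layout, the topic label and the pre-shared per-session key are assumptions, and key exchange is out of scope.

```python
# Added example: seal every message before it reaches the transport
# (for instance a ZeroMQ socket) and verify it on receipt.
import struct

from cryptography.exceptions import InvalidTag
from cryptography.hazmat.primitives.ciphers.aead import AESGCM

SEQ_LEN = 8    # big-endian message counter, sent in the clear
TAG_LEN = 16   # AES-GCM authentication tag appended by encrypt()


class Sender:
    def __init__(self, key: bytes, topic: bytes):
        self._aead, self._topic, self._seq = AESGCM(key), topic, 0

    def seal(self, plaintext: bytes) -> bytes:
        # The counter doubles as the nonce, so it must never repeat under one
        # key: assume a fresh key per sender and per session.
        self._seq += 1
        seq = struct.pack(">Q", self._seq)
        return seq + self._aead.encrypt(b"\x00" * 4 + seq, plaintext, self._topic)


class Receiver:
    def __init__(self, key: bytes, topic: bytes):
        self._aead, self._topic, self._last = AESGCM(key), topic, 0

    def open(self, frame: bytes) -> bytes:
        if len(frame) < SEQ_LEN + TAG_LEN:
            raise ValueError("frame too short")
        seq, body = frame[:SEQ_LEN], frame[SEQ_LEN:]
        try:
            # Fails if the ciphertext, the counter or the topic was altered.
            plaintext = self._aead.decrypt(b"\x00" * 4 + seq, body, self._topic)
        except InvalidTag:
            raise ValueError("authentication failed") from None
        n = struct.unpack(">Q", seq)[0]
        if n <= self._last:  # authentic, but already accepted: a replay
            raise ValueError("replayed frame")
        self._last = n
        return plaintext


def demo() -> bytes:
    key = AESGCM.generate_key(bit_length=256)  # constructed sample key
    tx, rx = Sender(key, b"orders"), Receiver(key, b"orders")
    return rx.open(tx.seal(b"constructed sample payload"))
```

The bytes returned by `seal()` are what would be passed to the socket's send call; the transport itself stays unaware of the encryption.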