[zeromq-dev] ZMTP v3.0
Tom Cocagne
tom.cocagne at gmail.com
Mon Apr 15 04:29:04 CEST 2013
This looks great Pieter. The lack of a good security mechanism has been a
stumbling block for me in the past and I'm glad you have a good plan in
place to address it. I'll admit though that I was a bit disappointed a
couple weeks ago when I announced the proof-of-concept DTLS over ZMQ
implementation. I was all excited about being able to contribute something
useful to the project and then you come along with this vastly superior
security initiative. Typical ;-)
I have one question about your currently proposed security mechanisms
though. Have you considered adding Secure Remote Password (SRP) to that
list? It requires the same end-user administrative overhead as PLAIN
(traditional password-management issues) but additionally provides mutual
authentication and encryption. It might serve as a good intermediate step
between PLAIN and CURVE. If you're interested, there's a C implementation
available at https://github.com/cocagne/csrp that's intended for direct
inclusion into utilizing applications.
Tom
On Sun, Apr 14, 2013 at 6:35 AM, Pieter Hintjens <ph at imatix.com> wrote:
> Hi all,
>
> I've published a draft of the ZMTP v3.0 protocol, and an article
> explaining the reasons and design decisions, see
> http://rfc.zeromq.org/spec:23 and http://hintjens.com/blog:39.
>
> Overall:
>
> * addition of SASL-style security mechanisms (NULL, PLAIN, CURVE ,...)
> * extensible connection metadata (socket type, identity, resource, ...)
>
> Critiques and comments welcome. At this stage we're not looking for
> new features, just to solve the biggest problems with the current
> protocol.
>
> Next steps: reference implementation (in C), and then implementation
> in libzmq, to give us a 3.3 version.
>
> -Pieter
> _______________________________________________
> zeromq-dev mailing list
> zeromq-dev at lists.zeromq.org
> http://lists.zeromq.org/mailman/listinfo/zeromq-dev
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.zeromq.org/pipermail/zeromq-dev/attachments/20130414/ac9ab2ab/attachment.htm>
More information about the zeromq-dev
mailing list