[zeromq-dev] ZMTP v3.0

[Pieter Hintjens]

On Mon, Apr 15, 2013 at 4:29 AM, Tom Cocagne <tom.cocagne at gmail.com> wrote:

> This looks great Pieter. The lack of a good security mechanism has been a
> stumbling block for me in the past and I'm glad you have a good plan in
> place to address it. I'll admit though that I was a bit disappointed a
> couple weeks ago when I announced the proof-of-concept DTLS over ZMQ
> implementation. I was all excited about being able to contribute something
> useful to the project and then you come along with this vastly superior
> security initiative. Typical ;-)

Now we should be able to build a DTLS mechanism as well. My idea was
that most people will prefer DTLS since it's better known than
CurveCP. It should be quite straight-forward to add mechanisms to
libzmq.

> I have one question about your currently proposed security mechanisms
> though. Have you considered adding Secure Remote Password (SRP) to that
> list?

SRP sounds fun. What we need to do for any mechanism is write up an
RFC, along the lines of the PLAIN and CURVE RFCs. Even a raw spec will
work; then I'll add them to list of known mechanisms in the ZMTP spec.

When I get a reference implementation going, we can use it to prove
additional mechanisms.

I'm so happy you're also thinking about building mechanisms.
I'm eager to see how this flies with DTLS and/or SRP.

-Pieter