[zeromq-dev] CurveZMQ availability plan ?
Pieter Hintjens
ph at imatix.com
Wed Aug 7 20:06:29 CEST 2013
On Wed, Aug 7, 2013 at 4:15 PM, Laurent Alebarde <l.alebarde at free.fr> wrote:
> Which RFC is implemented (26) ? Partially or totally ?
* RFC 23, except commands.
* RFC 24, 25, 26, 27, 28, 29, 30, 31, and 32 fully.
> Do we have both sides authentication today or not ?
Yes, client always authenticates server by setting socket option, and
server optionally authenticates clients by using ZAP plugin.
> In RFC26, § Overall Operation of CurveZMQ, it looks like the server actually
> authenticates the client from its long term public key from the INITIATE
> command, but there is no point where the client authenticates the server from
> its long term public key.
If the client uses the wrong server key, it cannot send a valid HELLO
command, and it cannot read the WELCOME command. The server does not
send its long term public key - the client MUST already have this.
> Can the same server long term public key be used for many clients (I assume
> yes from my understanding) ?
Yes.
> That's the long term public keys which are used for authentication and
> therefore shall be known by the other end-point, so transmitted by other
> means.
Yes.
> How does this CurveZMQ authentication mechanism compare with https
> certificates ?
There's no certificate authority. Long term keys are exchanged in
advance. It means two peers can connect securely even if they don't
have full Internet access.
-Pieter