[zeromq-dev] CURVE security on master
Pieter Hintjens
ph at imatix.com
Fri Jun 21 11:42:26 CEST 2013
Stable, yes (at least when we finish it), but not yet recommended for
production use because it hasn't been aggressively reviewed by
security experts yet. It will be marked as "Experimental" for at least
6-12 months. The goal of putting this into libzmq is to make it easier
for people to critique and review it.
-Pieter
On Fri, Jun 21, 2013 at 11:29 AM, Shaukat Mahmood Ahmad <write at sma.im> wrote:
> Good to know that, is current implementation (of security) stable, I
> mean can it be used in stable applications?
>
> On Thu, Jun 20, 2013 at 9:37 PM, Pieter Hintjens <ph at imatix.com> wrote:
>> Hi all,
>>
>> A heads-up that we now have CURVE security partially working on libzmq master.
>>
>> This implements these RFCs:
>>
>> * http://rfc.zeromq.org/spec:25/CURVE mechanism
>> * http://rfc.zeromq.org/spec:26/CurveZMQ
>> * http://rfc.zeromq.org/spec:27/ZAP - ZeroMQ Authentication Protocol
>>
>> Messages are not yet encrypted, this is the next step.
>>
>> I'll write a blog post about how this would work for 0MQ applications.
>> In gross terms you need to provide public/secret keys via
>> zmq_setsockopt, and an authentication service via the ZAP protocol (an
>> inproc:// API).
>>
>> We are getting very close to (at least theoretical) fully secure
>> authentication and encryption on ZeroMQ tcp:// connections.
>>
>> Thanks to Martin Hurton for the detailed work on libzmq.
>>
>> -Pieter
>> _______________________________________________
>> zeromq-dev mailing list
>> zeromq-dev at lists.zeromq.org
>> http://lists.zeromq.org/mailman/listinfo/zeromq-dev
> _______________________________________________
> zeromq-dev mailing list
> zeromq-dev at lists.zeromq.org
> http://lists.zeromq.org/mailman/listinfo/zeromq-dev
More information about the zeromq-dev
mailing list