[zeromq-dev] Data integrity and security using ZeroMQ over a WAN

Pieter Hintjens ph at imatix.com
Tue Mar 5 22:16:04 CET 2013


There are by my count five separate projects working on this; the most
promising is Lourens Naudé's TLS transport inside the library; the
most usable today is Salt Stack's distributed security model, which
should be quite easy to reimplement.

I'd suggest reading this:
http://www.zeromq.org/topics:pubsub-security, which is basically
Salt's model. This approach has various weaknesses such as replay
attacks, but is already fairly good.


On Tue, Mar 5, 2013 at 2:02 PM, Adam Covitch <adam.covitch at gmail.com> wrote:
> Is there a standard approach to ensuring data integrity and security using
> ZeroMQ? I'm new to this community and don't see an obvious approach.
> By 'data integrity' I mean that the message received is the same as the one
> sent. We'll mostly be messaging over TCP, which has problems with jumbo
> packets. But I want to ensure end-to-end data integrity, including
> encryption and message packaging. I'm thinking along the lines of embedding
> a checksum in the message or something like that. Not a big deal to roll my
> own solution, but I would rather not reinvent the wheel. If ZeroMQ doesn't
> offer this, are there any transfer protocol technologies that may help? I
> was planning on just using JSON or BSON, but am open to alternatives.
> By 'security' I mean to make it reasonably difficult for my message to be
> interpreted by sniffing the network traffic. I was originally thinking about
> tunneling the ZeroMQ connection over SSH, but was told that this would
> degrade performance considerably.
> Any thoughts are welcome!
> _______________________________________________
> zeromq-dev mailing list
> zeromq-dev at lists.zeromq.org
> http://lists.zeromq.org/mailman/listinfo/zeromq-dev
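
The thread raises two points that fit in one application-level envelope: a checksum embedded in the message, and the replay weakness mentioned in the reply. The sketch below is an added example, not part of the original thread and not Salt's or ZeroMQ's code. It uses an HMAC, which also detects deliberate modification where a plain checksum only catches accidental corruption, plus a per-sender sequence number to reject replays. The key distribution, the `Sender`/`Receiver` names and the envelope fields are assumptions, and it does not encrypt the payload.

```python
import hashlib
import hmac
import json

def _tag(key: bytes, body: bytes) -> str:
    # Keyed MAC over the exact bytes that travel on the wire.
    return hmac.new(key, body, hashlib.sha256).hexdigest()

class Sender:
    def __init__(self, key: bytes, sender_id: str):
        self.key, self.sender_id, self.seq = key, sender_id, 0

    def seal(self, payload) -> bytes:
        self.seq += 1  # strictly increasing, covered by the MAC
        body = json.dumps({"from": self.sender_id, "seq": self.seq,
                           "payload": payload}, sort_keys=True).encode()
        return json.dumps({"body": body.decode(),
                           "tag": _tag(self.key, body)}).encode()

class Receiver:
    def __init__(self, key: bytes):
        self.key = key
        self.last_seq = {}  # highest accepted sequence number per sender

    def open(self, frame: bytes):
        try:
            env = json.loads(frame)
            body, tag = env["body"].encode(), env["tag"].encode()
        except (ValueError, KeyError, TypeError, AttributeError) as exc:
            raise ValueError("malformed envelope") from exc
        # Verify before parsing the body; constant-time comparison.
        if not hmac.compare_digest(_tag(self.key, body).encode(), tag):
            raise ValueError("bad tag: message altered or wrong key")
        msg = json.loads(body)
        if msg["seq"] <= self.last_seq.get(msg["from"], 0):
            raise ValueError("replayed or stale sequence number")
        self.last_seq[msg["from"]] = msg["seq"]
        return msg["payload"]

if __name__ == "__main__":
    key = b"constructed-demo-key-32-bytes!!!"  # constructed sample key
    tx, rx = Sender(key, "node-a"), Receiver(key)
    frame = tx.seal({"cmd": "status"})
    print(rx.open(frame))          # accepted once
    try:
        rx.open(frame)             # same bytes sent again
    except ValueError as err:
        print("rejected:", err)
```

The receiver's sequence table has to survive restarts, otherwise an old captured frame is accepted again after the counter resets.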
