[zeromq-dev] Message source identification/authentication

Randall Nortman rnzmq at wonderclown.net
Sun May 12 19:34:49 CEST 2013


On Sun, May 12, 2013 at 01:12:11PM -0400, Pieter Hintjens wrote:
> Hi Randall,
> 
> I think there's no real problem here, I'll explain why.
> 
> The one thing I wanted to disable by design in the protocol was mixing
> different levels of security on one socket; so all clients at least
> use the same security mechanism. Now, a mechanism like CurveZMQ will
> allow the server to authenticate each client (we'd do this with
> out-of-band messages), and attach an internal identifier to each
> authenticated client, and then attach that to each incoming message.
> 
> Since 3.x we fixed the API to allow message properties (e.g.
> zmq_msg_more) in a clean and extensible way. So when we get to this,
> we can add zmq_msg_sender() that returns the authenticated client ID
> for the current message.
> 
> Does this help?

Sounds like zmq_msg_sender() is about what I'm asking for and that
seems like a great way to do it.  Is CurveZMQ going to depend on CZMQ
though?  The website suggests that it will.  The other (non-C)
language bindings don't generally use CZMQ but rather libzmq directly,
so that could be a problem for me (using Python).



More information about the zeromq-dev mailing list