[zeromq-dev] CURVE security specifications

Laurent Alebarde l.alebarde2 at free.fr
Sat Nov 16 10:49:27 CET 2013


Hi Pieter,

I am not sure, from the basic security principles 
<http://en.wikipedia.org/wiki/Information_security#Key_concepts>: 
Confidentiality, Integrity, Availability, Authenticity, Non-repudiation, 
which one are covered by CURVE ?

I assume (in parenthesis, the defenses listed in the curve RFC 
<http://rfc.zeromq.org/spec:26>):

  * Confidentiality: yes (Eavesdropping, Key theft attacks, Identifying
    the client)
  * Integrity: yes (Altering data)
  * Availability: restricted, has to be performed at system level
    (Denial-of-Service attacks)
  * Authenticity: yes (Fraudulent data, Replaying data, Amplification
    attacks, Man-in-the-middle attacks,
  * Non-repudiation: I realy don't know

Can you confirm or correct me please.

Cheers,


Laurent

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.zeromq.org/pipermail/zeromq-dev/attachments/20131116/0bf9bbc2/attachment.html>


More information about the zeromq-dev mailing list