[zeromq-dev] CURVE security specifications

Pieter Hintjens ph at imatix.com
Sat Nov 16 11:10:04 CET 2013


Correct, as far as I can tell. Non-repudiation is more of a legal
concept, though it depends on authenticity and integrity at a
technical level. I.e., will using Curve make it harder for someone to
claim "it wasn't me" afterwards? Yes, but only if e.g. certificates
are properly stored and exchanged as well, which goes beyond the
security protocol.

-Pieter

On Sat, Nov 16, 2013 at 10:49 AM, Laurent Alebarde <l.alebarde2 at free.fr> wrote:
> Hi Pieter,
>
> I am not sure, from the basic security principles: Confidentiality,
> Integrity, Availability, Authenticity, Non-repudiation, which one are
> covered by CURVE ?
>
> I assume (in parenthesis, the defenses listed in the curve RFC):
>
> Confidentiality: yes (Eavesdropping, Key theft attacks, Identifying the
> client)
> Integrity: yes (Altering data)
> Availability: restricted, has to be performed at system level
> (Denial-of-Service attacks)
> Authenticity: yes (Fraudulent data, Replaying data, Amplification attacks,
> Man-in-the-middle attacks,
> Non-repudiation: I realy don't know
>
> Can you confirm or correct me please.
>
> Cheers,
>
>
> Laurent
>
>
> _______________________________________________
> zeromq-dev mailing list
> zeromq-dev at lists.zeromq.org
> http://lists.zeromq.org/mailman/listinfo/zeromq-dev
>



-- 
-
Pieter Hintjens
CEO of iMatix.com
Founder of ZeroMQ community
blog: http://hintjens.com



More information about the zeromq-dev mailing list