[zeromq-dev] proxying CURVE ?

Laurent Alebarde l.alebarde at free.fr
Fri Nov 29 14:05:11 CET 2013


Thanks Pieter, you have saved my day.

I don't want to use raw TCP, and I would prefer sticking to libzmq. So, 
I raise the question: wouldn't it be a good idea to be able to proxy 
CURVE as depicted below ? Is it today impossible as a design choice to 
avoid misuse ? Or is it simply impossible by design ? Can we imagine an 
additional socket option to authorize it ? Could you please elaborate 
onto the showstopper inside ZMTP ?



Le 29/11/2013 13:12, Pieter Hintjens a écrit :
> This won't work at the ZMTP level. CURVE must talk to CURVE. You could
> write a proxy that does raw TCP, and extends the CURVE handshake
> across from client to worker. You could also use libcurve on top of
> NULL, and do end-to-end security (that was the use case for libcurve).
>
> On Fri, Nov 29, 2013 at 12:22 PM, Laurent Alebarde <l.alebarde at free.fr> wrote:
>> Hi all,
>>
>> Is it right to proxy CURVE ? I mean:
>>
>> CLIENT (CURVE) ------- (NULL) PROXY (NULL) ---------- (CURVE) WORKER
>>
>> I have identified a condition: the PROXY SHALL be ROUTER/ROUTER, and SHALL
>> maintain a table that assign on client always to the same worker for the
>> socket TTL. With this condition fullfilled, can you see some other
>> showstopper for such an architecture ?
>>
>> Cheers,
>>
>>
>> Laurent.
>>
>>
>> _______________________________________________
>> zeromq-dev mailing list
>> zeromq-dev at lists.zeromq.org
>> http://lists.zeromq.org/mailman/listinfo/zeromq-dev
>>
> _______________________________________________
> zeromq-dev mailing list
> zeromq-dev at lists.zeromq.org
> http://lists.zeromq.org/mailman/listinfo/zeromq-dev

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.zeromq.org/pipermail/zeromq-dev/attachments/20131129/f81d6ee3/attachment.html>


More information about the zeromq-dev mailing list