[zeromq-dev] Certificate formats

Tony Arcieri bascule at gmail.com
Wed Oct 2 02:22:54 CEST 2013


On Tue, Oct 1, 2013 at 4:21 AM, Pieter Hintjens <ph at imatix.com> wrote:

> http://hintjens.com/blog:53


Regarding this specifically:

I don't see a way to safely share a certificate without some shared secret,
> or resorting to a third party, CA-style. Even if I encrypt the certificate
> with the recipient's public key, they can't authenticate that without
> knowing my public key in advance. Is there a simple answer to this?


It's not possible to establish a secure channel without a prior secure
channel. For infrastructural use of 0MQ I think it would make sense to set
up a certificate authority for a grid, and issue node-specific certificates
which are then signed by the CA.

Have you thought about how to deal with things like CRLs?

-- 
Tony Arcieri
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.zeromq.org/pipermail/zeromq-dev/attachments/20131001/3e2de298/attachment-0001.htm>


More information about the zeromq-dev mailing list