[zeromq-dev] Certificate formats

Pieter Hintjens ph at imatix.com
Wed Oct 2 09:11:31 CEST 2013


So this may be a very stupid question, but what does a certificate
have to hold that is so complex? We have one or two keys, some
metadata... why would you be thinking of anything more complex than
plain text?

For a grid, yes, a certificate server seems the right model. I've not
thought about CRLs as we don't have the use case for revocation yet.

On Wed, Oct 2, 2013 at 2:22 AM, Tony Arcieri <bascule at gmail.com> wrote:
> On Tue, Oct 1, 2013 at 4:21 AM, Pieter Hintjens <ph at imatix.com> wrote:
>>
>> http://hintjens.com/blog:53
>
>
> Regarding this specifically:
>
>> I don't see a way to safely share a certificate without some shared
>> secret, or resorting to a third party, CA-style. Even if I encrypt the
>> certificate with the recipient's public key, they can't authenticate that
>> without knowing my public key in advance. Is there a simple answer to this?
>
>
> It's not possible to establish a secure channel without a prior secure
> channel. For infrastructural use of 0MQ I think it would make sense to set
> up a certificate authority for a grid, and issue node-specific certificates
> which are then signed by the CA.
>
> Have you thought about how to deal with things like CRLs?
>
> --
> Tony Arcieri


