[zeromq-dev] Certificate formats

Pieter Hintjens ph at imatix.com
Wed Oct 2 09:11:31 CEST 2013

So this may be a very stupid question, but what does a certificate
have to hold that is so complex? We have one or two keys, some
metadata... why would you be thinking of anything more complex than
plain text?

For a grid, yes, a certificate server seems the right model. I've not
thought about CRLs as we don't have the use case for revocation yet.

On Wed, Oct 2, 2013 at 2:22 AM, Tony Arcieri <bascule at gmail.com> wrote:
> On Tue, Oct 1, 2013 at 4:21 AM, Pieter Hintjens <ph at imatix.com> wrote:
>> http://hintjens.com/blog:53
> Regarding this specifically:
>> I don't see a way to safely share a certificate without some shared
>> secret, or resorting to a third party, CA-style. Even if I encrypt the
>> certificate with the recipient's public key, they can't authenticate that
>> without knowing my public key in advance. Is there a simple answer to this?
> It's not possible to establish a secure channel without a prior secure
> channel. For infrastructural use of 0MQ I think it would make sense to set
> up a certificate authority for a grid, and issue node-specific certificates
> which are then signed by the CA.
> Have you thought about how to deal with things like CRLs?
> --
> Tony Arcieri