[zeromq-dev] Proposal for ZeroMQ certificate format

Pieter Hintjens ph at imatix.com
Mon Oct 14 14:33:50 CEST 2013


Hi all,

I've posted a proposal for a certificate format at http://hintjens.com/blog:62.

This is not yet an RFC draft, but meant to drive the discussion
forwards. It's a text format split into two layers; a generic
"envelope" format that delivers opaque frames (sound familiar?) and a
per-mechanism layer that further specifies the content.

Here's an example of what it might look like:

-----BEGIN ZEROMQ CERTIFICATE-----
Version: 0.1
Mechanism: CURVE
Comment: An example, will not actually decode.
Content-signed-by: Yne@$w-vo<fVvi]a<NY6T1ed:M$fCG*[IaLV{hID
Content-signed-to: rq:rM>}U?@Lns47E1%kR.o at n%FcmmsL/@{H8]yf7
381,384,c1:b1:30:29:d7:b8:de:6c:97:77:10:d7:46:41:63:87
nP2U)xK at r8zF9)4zF78kwNPQ?xDQ]9AV!^kzE[2mv}xX5x>z6?vru66w]zZbvrrS7z/M$7w\
PzY-q7J?YazUX3yH}30z!pb2ax at J3Bz%n]fly(FwNPa4xkI6{wId[wxd)[mvqYTezE){lz/\
PRCDs.bnze?gswP?T3fetjsgCQ7<x>7Y%y?X67y<vdBxMvV)wft/daBmQtz/6FCwmY{&aA}\
KwxDRwmzdK&izY&FawftG5AX5tHx([DkwGUz]A+e*0wO#PvayPd#az+$rB0bykazCv$vrj4\
znP2U)xLzJgvrcE7v at bZ0nHFs<aAhvjB7GlhayMylBAg/laz>L8aARp9BrCKlz/xJ7ay!?$\
ayX[<Bs[WUra]?=w]zZbvrrSaB0a}2B7F(8z/cXtxK at q<xMOuniXJdgCxUVNwPRJpz/PFzA\
+n/mA+n/rh.^iyBA?)Iq=ujxaAhEjy?Wx4yH}=lw]zZbvrt^c3ig5a
-----END ZEROMQ CERTIFICATE-----

Notes:

* The "c1:b1:30:..." string is the MD5 signature as per SSH2 public keys.
* Here the content is encrypted to the recipient's public key and then
encoded as Z85.

I'll be on IRC today (now) if anyone wants to discuss this in the next
hours. Otherwise, comments here by email as usual.

-
Pieter Hintjens
CEO of iMatix.com
Founder of ZeroMQ community
blog: http://hintjens.com



More information about the zeromq-dev mailing list