[zeromq-dev] need clarification/confirmation in the libcurve code #12 about authentication

Laurent Alebarde l.alebarde at free.fr
Wed Sep 11 19:44:51 CEST 2013


Hi Pieter,

I need your lights please on the authentication mechanisms. Are these
two assertions correct?

In s_produce_welcome, you comment (l 544) that you safely generate a
transient keypair, since Client is authenticated, which is performed with
Box [64 * %x0](C'->S) that proves Client knows S.

Then, we have the ZAP authentication in s_process_initiate:
s_authenticate_peer (self) (l 693). This is a second stage of
authentication, here based on a valid C provided by the Client, and
known by the Server from other means. In zap_authenticator (l 1034), you
comment: Rest of request contains client public key. So if we want this
authentication based on C, we would compare the received key with the
known one. We could also use any authentication algorithm as you present
it in the ZAP RFC.


Cheers,


Laurent.
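
Added example, not part of the original message and not libcurve code: a stand-alone sketch of the check the message describes, where the client public key C carried in the ZAP request is compared with keys the server already knows. The frame order and status codes are assumed from the ZAP RFC (27); frame_t, zap_check_curve, demo_status and the key bytes are hypothetical names and constructed data.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define CURVE_KEY_LEN 32
typedef struct { const uint8_t *data; size_t len; } frame_t; /* hypothetical frame type */

/* Constructed allowlist of client public keys C (sample bytes, not real keys). */
static const uint8_t ALLOWED[2][CURVE_KEY_LEN] = { {0x01, 0x02}, {0xAA, 0xBB} };

/* Compare all 32 bytes with no early exit on the first mismatch. */
static int key_equal(const uint8_t *a, const uint8_t *b) {
    uint8_t diff = 0;
    for (size_t i = 0; i < CURVE_KEY_LEN; i++)
        diff |= a[i] ^ b[i];
    return diff == 0;
}

static int frame_is(const frame_t *f, const char *s) {
    return f->len == strlen(s) && memcmp(f->data, s, f->len) == 0;
}

/* Assumed request layout (ZAP RFC 27): version, request id, domain, address,
 * identity, mechanism, credentials; for CURVE the credential is the key C.
 * Returns 200 (accept), 400 (deny) or 500 (malformed; this example's choice). */
int zap_check_curve(const frame_t *req, size_t nframes,
                    const uint8_t allowed[][CURVE_KEY_LEN], size_t nallowed) {
    if (nframes != 7 || !frame_is(&req[0], "1.0"))
        return 500;
    if (!frame_is(&req[5], "CURVE") || req[6].len != CURVE_KEY_LEN)
        return 400;                      /* default deny before touching the key */
    int ok = 0;
    for (size_t i = 0; i < nallowed; i++)
        ok |= key_equal(req[6].data, allowed[i]);
    return ok ? 200 : 400;
}

/* Build a constructed 7-frame request around `key` and return the verdict. */
int demo_status(const char *mech, const uint8_t *key, size_t keylen) {
    frame_t req[7] = {
        { (const uint8_t *)"1.0", 3 }, { (const uint8_t *)"1", 1 },
        { (const uint8_t *)"global", 6 }, { (const uint8_t *)"127.0.0.1", 9 },
        { (const uint8_t *)"", 0 }, { (const uint8_t *)mech, strlen(mech) },
        { key, keylen } };
    return zap_check_curve(req, 7, ALLOWED, 2);
}

int main(void) {
    printf("%d\n", demo_status("CURVE", ALLOWED[1], CURVE_KEY_LEN));
    return 0;
}
```

The length and mechanism checks run before any key bytes are read, so a short or mislabelled credential frame is denied rather than compared.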