[zeromq-dev] need clarification/confirmation in the libcurve code #12 about authentication
Laurent Alebarde
l.alebarde at free.fr
Wed Sep 11 19:44:51 CEST 2013
Hi Pieter,
I need your lights please on the authentication mechanisms. Are these
two assertions correct?
In s_produce_welcome, you comment (l 544) that you safely generate a
transient keypair, since Client is authenticated, what is performed with
Box [64 * %x0](C'->S) that proves Client knows S.
Then, we have the ZAP authentication into s_process_initiate:
s_authenticate_peer (self) (l 693). This is a second stage of
authentication, here based on a valid C provided by the Client, and
known by the Server from other means. In zap_authenticator (l 1034), you
comment: Rest of request contains client public key. So if we want this
authentication based on C, we would compare the received key with the
known one. We could also use any authentication algorithm as you present
it in the ZAP RFC.
Cheers,
Laurent.
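
The comparison of the received client key with known keys that the message above describes, as an added example that is not part of the original post and is not libcurve's code. The frame layout follows ZAP 1.0 (ZeroMQ RFC 27); `frame_t`, `zap_check_curve` and `demo_status` are hypothetical names, and the sample key and request are constructed.

```c
#include <stddef.h>
#include <string.h>

#define CURVE_KEY_LEN 32
#define F(s) {(const unsigned char *)(s), sizeof(s) - 1}

/* One message frame (hypothetical struct for this example). */
typedef struct { const unsigned char *data; size_t len; } frame_t;

/* Constant-time compare: timing does not reveal how many bytes matched. */
static int ct_equal(const unsigned char *a, const unsigned char *b, size_t n)
{
    unsigned char diff = 0;
    for (size_t i = 0; i < n; i++)
        diff |= a[i] ^ b[i];
    return diff == 0;
}

static int frame_is(const frame_t *f, const char *s)
{
    return f->len == strlen(s) && memcmp(f->data, s, f->len) == 0;
}

/* ZAP 1.0 request frames, after the envelope delimiter:
 * 0 version, 1 request id, 2 domain, 3 address, 4 identity, 5 mechanism,
 * 6 credentials (for CURVE: the client's 32-byte long-term public key C).
 * `known` holds nknown keys back to back. Returns the ZAP status code. */
const char *zap_check_curve(const frame_t *req, size_t nframes,
                            const unsigned char *known, size_t nknown)
{
    int allowed = 0;
    if (nframes != 7 || !frame_is(&req[0], "1.0") ||
        !frame_is(&req[5], "CURVE") || req[6].len != CURVE_KEY_LEN)
        return "400";                     /* deny anything malformed */
    for (size_t i = 0; i < nknown; i++)   /* scan all keys, no early exit */
        allowed |= ct_equal(req[6].data, known + i * CURVE_KEY_LEN,
                            CURVE_KEY_LEN);
    return allowed ? "200" : "400";
}

/* Constructed sample: one known key (bytes 0..31) and a request for `key`. */
const char *demo_status(const unsigned char *key, size_t keylen)
{
    unsigned char known[CURVE_KEY_LEN];
    for (int i = 0; i < CURVE_KEY_LEN; i++) known[i] = (unsigned char)i;
    frame_t req[7] = { F("1.0"), F("1"), F("global"), F("127.0.0.1"),
                       F(""), F("CURVE"), {key, keylen} };
    return zap_check_curve(req, 7, known, 1);
}
```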