[zeromq-dev] need clarification/confirmation in the libcurve code #12 about authentication

Pieter Hintjens ph at imatix.com
Wed Sep 11 21:23:55 CEST 2013


On Wed, Sep 11, 2013 at 7:44 PM, Laurent Alebarde <l.alebarde at free.fr> wrote:

> In s_produce_welcome, you comment (l 544) that you safely generate a
> transient keypair, since Client is authenticated, what is performed with Box
> [64 * %x0](C'->S) that proves Client knows S.

I realize that my comment there is wrong, the client is of course
still unknown and all we can say for sure is that it has the server's
public key, which is better than knowing nothing at all but not a lot.

I'll leave the code as-is -- generating the client transient key as
late as possible is good because it raises the cost of DoS attacks --
but fix the comment.

> So if we want this
> authentication based on C, we would compare the received key with the known
> one. We could also use any authentication algorithm as you present it in the
> ZAP RFC.

Yes, usually we'd have a store or database of known clients (C for
each) and check that in the authenticator. The zap_authenticator in
the code is an example for the selftest. In a real application the
calling application would provide this function.

Thanks for reviewing the code. I'll push that patch asap.

-Pieter



More information about the zeromq-dev mailing list