[zeromq-dev] libcurve ws libzmq CURVE
Laurent Alebarde
l.alebarde at free.fr
Fri Sep 13 14:10:16 CEST 2013
Thank you Pieter !
Le 13/09/2013 13:30, Pieter Hintjens a écrit :
> Libzmq and libcurve were being written at the same time, so duplicate
> all the code used to implement CurveZMQ. One is C++, one is C.
>
> Libzmq assumes tcp:// as the transport and ties its CURVE security
> into connection negotiation as required by the ZMTP protocol.
>
> Libcurve's curve_codec class does not assume any specific transport
> and could work over anything that provides an addressable transport
> (so not PUB-SUB or PUSH-PULL, but ROUTER-DEALER, HTTP, even email.)
>
> Libcurve's curve_client and curve_server classes are pseudo-sockets
> that actually do full I/O over ZMQ. The use case for these is
> end-to-end privacy across untrusted servers. I'll show this later with
> examples but it's far beyond what anyone needs today.
>
> So in conclusion:
>
> * if you want CURVE security in normal ZMQ apps, use libzmq master
> (and soon, 4.0)
> * If you want to make CurveZMQ work across arbitrary other transports,
> you may enjoy libcurve
>
> And finally, there is scope for extracting the CURVE encoding/decoding
> from libzmq and making a pure C codec that is used both in libzmq and
> libcurve. If anyone feels like it...
>
> -Pieter
>
>
>
> On Fri, Sep 13, 2013 at 1:03 PM, Laurent Alebarde <l.alebarde at free.fr> wrote:
>> Great article. Thank you Pieter.
>>
>> Could you please elaborate a little more onto libcurve and libzmq/CURVE
>> "works at a different level" ? How do they compare exactly ?
>>
>> Cheers,
>>
>>
>> Laurent.
>>
>>
>> Le 13/09/2013 11:58, Pieter Hintjens a écrit :
>>
>> On Fri, Sep 13, 2013 at 11:02 AM, Laurent Alebarde <l.alebarde at free.fr>
>> wrote:
>>
>> Shall I understand that CURVE in libzmq implements the same functionalities
>> as libcurve, but in C++ and fully integrated to libzmq ? Do we inherit
>> directly of all the available transports (DEALER/ROUTER, STREAM, REQ/REP,
>> etc) ? And multi-clients management ?
>>
>> Yes, that's right. I'm writing this up, here's the latest article:
>> http://hintjens.com/blog:48
>>
>> In multi-client, the server uses the same long term key-pair for all
>> clients, and a dedicated short term key-pair for each socket initialisation
>> ? In my understanding, but I have not yet reviewed the libzmq code, there is
>> one codec per client, them one short term key-pair per client ?
>>
>> Yes, indeed.
>>
>> -Pieter
>> _______________________________________________
>> zeromq-dev mailing list
>> zeromq-dev at lists.zeromq.org
>> http://lists.zeromq.org/mailman/listinfo/zeromq-dev
>>
>>
>>
>> _______________________________________________
>> zeromq-dev mailing list
>> zeromq-dev at lists.zeromq.org
>> http://lists.zeromq.org/mailman/listinfo/zeromq-dev
>>
> _______________________________________________
> zeromq-dev mailing list
> zeromq-dev at lists.zeromq.org
> http://lists.zeromq.org/mailman/listinfo/zeromq-dev
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.zeromq.org/pipermail/zeromq-dev/attachments/20130913/6096f3e0/attachment.htm>
More information about the zeromq-dev
mailing list