[zeromq-dev] How to use ZeroMQ's security features

Laurent Alebarde l.alebarde at free.fr
Fri Sep 20 09:43:31 CEST 2013


Hi Pieter,

Very nice and great job! Thanks.

One question, please: in the Iron House, does the authenticator use some 
metadata to directly open the right client's certificate, or does it try 
every one until it finds a match?

To be clearer about what I have in mind, let's consider a possible 
solution: the client generates its certificate with some metadata, the 
public part is transmitted to the server, which checks that this metadata 
is unique in its store or rejects the certificate and asks for new 
metadata (this process is outside libzmq). The server uses this metadata 
as the client's certificate file name in its store. When the client 
connects, it sends this metadata to the server in the CURVE handshake, so 
that the server can directly access the right certificate.

Otherwise, if we have thousands of certificates and a lot of clients 
connecting together, we may have a race. I don't know how critical 
this is.

Cheers,


Laurent.


On 19/09/2013 23:25, Pieter Hintjens wrote:
> Hi all,
>
> I've finished an article explaining the security features in ZeroMQ.
>
> http://hintjens.com/blog:49
>
> It works through half a dozen patterns from simplest to most secure.
>
> Enjoy!
> -Pieter
> _______________________________________________
> zeromq-dev mailing list
> zeromq-dev at lists.zeromq.org
> http://lists.zeromq.org/mailman/listinfo/zeromq-dev
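
The lookup scheme proposed in the message above, as an added sketch that is not part of the original post and is not libzmq or CZMQ code. The `CertStore` class, the `.pub` suffix, the metadata alphabet and the sample keys are all assumptions made for illustration; the sketch covers the two checks the scheme needs on the server side: the client-chosen metadata must be safe to use as a file name, and the key comparison, not the metadata, decides authentication.

```python
import hmac
import re
import tempfile
from pathlib import Path

# Assumption: metadata is a short label; restricting the alphabet keeps a
# client-chosen value from escaping the store directory when used as a file name.
_SAFE_NAME = re.compile(r"[A-Za-z0-9_-]{1,64}")

class CertStore:
    """Hypothetical server-side store: one public-key file per client, named by metadata."""
    def __init__(self, directory):
        self.directory = Path(directory)

    def _path(self, metadata):
        if not _SAFE_NAME.fullmatch(metadata):
            raise ValueError("metadata not usable as a file name")
        return self.directory / (metadata + ".pub")

    def register(self, metadata, public_key):
        """Out-of-band enrolment; returns False when the metadata is already taken."""
        try:
            # Mode "x" fails if the file exists, so concurrent duplicates cannot both win.
            with open(self._path(metadata), "x") as f:
                f.write(public_key)
        except FileExistsError:
            return False
        return True

    def authenticate(self, metadata, presented_key):
        """Connect time: open the one named file, then compare keys."""
        try:
            stored = self._path(metadata).read_text()
        except (ValueError, FileNotFoundError):
            return False
        # The metadata only selects the file; the key match is what authenticates.
        return hmac.compare_digest(stored.encode(), presented_key.encode())

def demo():
    with tempfile.TemporaryDirectory() as d:
        store = CertStore(d)
        key_a, key_b = "A" * 40, "B" * 40  # constructed stand-ins for Z85 public keys
        return [
            store.register("client-0001", key_a),         # new metadata accepted
            store.register("client-0001", key_b),         # duplicate metadata rejected
            store.authenticate("client-0001", key_a),     # right file, right key
            store.authenticate("client-0001", key_b),     # right file, wrong key
            store.authenticate("../client-0001", key_a),  # unsafe name refused
        ]
```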
