[zeromq-dev] How to use ZeroMQ's security features
Laurent Alebarde
l.alebarde at free.fr
Fri Sep 20 09:43:31 CEST 2013
Hi Pieter,

Very nice and great job! Thanks.

One question, please: in the Iron House, does the authenticator use some
metadata to directly open the right client's certificate, or does it try
every one until it finds a match?

To be clearer about what I have in mind, let's consider a possible
solution: the client generates its certificate with some metadata, the
public part is transmitted to the server, which checks that this metadata is
unique in its store or rejects the certificate and asks for new metadata
(this process is outside libzmq). The server uses this metadata as the
client's certificate file name in its store. When the client connects,
it sends this metadata to the server in the CURVE handshake, so that the
server can directly access the right certificate.

Otherwise, if we have thousands of certificates and a lot of clients
connecting together, we may have a race. I don't know what the
criticality is here.

Cheers,
Laurent.

On 19/09/2013 23:25, Pieter Hintjens wrote:
> Hi all,
>
> I've finished an article explaining the security features in ZeroMQ.
>
> http://hintjens.com/blog:49
>
> It works through half a dozen patterns from simplest to most secure.
>
> Enjoy!
> -Pieter
> _______________________________________________
> zeromq-dev mailing list
> zeromq-dev at lists.zeromq.org
> http://lists.zeromq.org/mailman/listinfo/zeromq-dev
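
The lookup scheme proposed in the message above, as an added sketch that is not part of the original post and is not libzmq or CZMQ code. It shows the two checks such a store needs once a peer-supplied label becomes a file name: an atomic uniqueness check at registration and label validation before any file is opened. The `CertStore` class, the `.pub` suffix, the label character set and the sample keys are assumptions made here.

```python
import os
import re
import tempfile

# Assumption made here: labels are short and limited to this character set.
_LABEL = re.compile(r"[A-Za-z0-9_-]{1,64}")


class CertStore:
    """Hypothetical store: one file per client, named after its metadata label."""

    def __init__(self, directory):
        self.directory = directory

    def _path(self, label):
        # The label arrives from the peer; reject anything that could escape the store directory.
        if not _LABEL.fullmatch(label):
            raise ValueError("invalid metadata label")
        return os.path.join(self.directory, label + ".pub")

    def register(self, label, public_key):
        """Save the key under the label; return False if the label is taken."""
        try:
            # O_EXCL makes "check unique, then create" a single atomic step.
            fd = os.open(self._path(label), os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
        except FileExistsError:
            return False
        with os.fdopen(fd, "w") as f:
            f.write(public_key)
        return True

    def authenticate(self, label, presented_key):
        """Open exactly one file chosen by the label, then compare the keys."""
        try:
            with open(self._path(label)) as f:
                return f.read() == presented_key
        except (ValueError, FileNotFoundError):
            return False


def demo():
    key_a, key_b = "A" * 40, "B" * 40  # constructed placeholders, not real CURVE keys
    with tempfile.TemporaryDirectory() as d:
        store = CertStore(d)
        return [store.register("client-1", key_a),         # new label accepted
                store.register("client-1", key_b),         # duplicate label refused
                store.authenticate("client-1", key_a),     # direct lookup, key matches
                store.authenticate("client-1", key_b),     # right label, wrong key
                store.authenticate("../client-1", key_a)]  # traversal attempt refused
```
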