[zeromq-dev] How to use ZeroMQ's security features

Pieter Hintjens ph at imatix.com
Fri Sep 20 13:16:29 CEST 2013


Indeed, this is not one of the mechanisms we made, but since it's
extensible, I'd expect people to add more mechanisms over time.

I'll write a small guide to doing this at some stage. The starting
point would be to take the RFC for PLAIN, expand on that, and then
take the plain_mechanism.cpp class in libzmq and expand on that.

-Pieter


On Fri, Sep 20, 2013 at 12:51 PM, Diego Duclos
<sakari at whiteglovegames.com> wrote:
> After reading through: It seems that, by design, there isn't any way to
> securely authenticate someone using purely a username and a password (akin
> to SRP for example).
> Seeing as the security layer in ZMQ is extensible, is this something that is
> possible to add in?
>
>
> On Fri, Sep 20, 2013 at 10:04 AM, Pieter Hintjens <ph at imatix.com> wrote:
>>
>> On Fri, Sep 20, 2013 at 9:43 AM, Laurent Alebarde <l.alebarde at free.fr>
>> wrote:
>>
>> > One question please: In the Iron House, does the authenticator use some
>> > metadata to open directly the right client's certificate, or does it try
>> > everyone until it finds a match?
>>
>> It looks for a match on the client public key. The metadata will (not
>> yet implemented) be available to the application so it knows where a
>> message came from.
>>
>> > Otherwise, if we have thousands of certificates and a lot of clients
>> > connecting together, we may have a race. I don't know what the
>> > criticality is here.
>>
>> There's no chance of a race. Every client public key is unique and you
>> can store any number of certificates in a suitable database (CZMQ uses
>> an in-memory hash table but this is just one possibility).
>>
>> -Pieter
>>
>> _______________________________________________
>> zeromq-dev mailing list
>> zeromq-dev at lists.zeromq.org
>> http://lists.zeromq.org/mailman/listinfo/zeromq-dev
>
>
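
Added example, not part of the thread and not CZMQ's or libzmq's code: a minimal sketch of the lookup described above, where the authenticator finds a certificate by matching the client public key in an in-memory hash table instead of trying each certificate in turn. It assumes the CURVE mechanism that the Ironhouse pattern uses and the request/reply frame layout of the ZAP RFC; the CertStore class, the function names, the keys and the metadata are constructed for illustration.

```python
# Added example: authentication decision keyed on the client public key.
# Frame layout follows the ZAP request/reply format; the store, names and
# sample data below are constructed, not taken from CZMQ or libzmq.
import os

KEY_LEN = 32  # a CURVE long-term public key is 32 raw bytes


class CertStore:
    """In-memory hash table: client public key -> certificate metadata."""

    def __init__(self):
        self._by_key = {}

    def add(self, public_key, metadata):
        if len(public_key) != KEY_LEN:
            raise ValueError("CURVE public key must be 32 bytes")
        self._by_key[bytes(public_key)] = dict(metadata)

    def lookup(self, public_key):
        # One hash lookup, independent of how many certificates are stored.
        return self._by_key.get(bytes(public_key))


def handle_zap_request(frames, store):
    """Return the ZAP reply frames (list of bytes) for one request."""
    request_id = frames[1] if len(frames) > 1 else b""

    def reply(code, text, user_id=b""):
        # version, request id, status code, status text, user id, metadata
        return [b"1.0", request_id, code, text, user_id, b""]

    if len(frames) < 6 or frames[0] != b"1.0":
        return reply(b"400", b"Malformed ZAP request")
    mechanism, credentials = frames[5], frames[6:]
    if mechanism != b"CURVE":
        return reply(b"400", b"Mechanism not accepted")
    if len(credentials) != 1 or len(credentials[0]) != KEY_LEN:
        return reply(b"400", b"Invalid CURVE credentials")
    cert = store.lookup(credentials[0])
    if cert is None:
        return reply(b"400", b"Unknown client key")
    return reply(b"200", b"OK", cert["name"].encode())


def demo():
    """Build 5000 constructed certificates; try a known and an unknown key."""
    store = CertStore()
    keys = [os.urandom(KEY_LEN) for _ in range(5000)]
    for i, key in enumerate(keys):
        store.add(key, {"name": "client-%d" % i})
    head = [b"1.0", b"req-1", b"global", b"192.0.2.10", b"", b"CURVE"]
    return (handle_zap_request(head + [keys[4242]], store),
            handle_zap_request(head + [os.urandom(KEY_LEN)], store))
```

Because the key is the table index, a connection is accepted or rejected on a single lookup, and the metadata stored with the key is what the application would later use to know where a message came from.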


