[zeromq-dev] curve : switch off security
Pieter Hintjens
ph at imatix.com
Sat Sep 21 11:42:04 CEST 2013
What is the use case for switching off security? I mean, do we have a
concrete example where this is necessary? If not, I'd recommend the
pattern where one socket has one configured security level, period.
The risk of confusion and error is otherwise much higher ("I want
CURVE on this tcp:// endpoint, but PLAIN on this icp:// endpoint").
I was in fact thinking of making it impossible to remove security on a
socket, once set. That may be too extreme.
On Sat, Sep 21, 2013 at 11:02 AM, Laurent Alebarde <l.alebarde at free.fr> wrote:
> Hi Pieter,
>
> After some thinking, I think the following would be nice to switch off
> security :
>
> BEFORE :
> int as_server = 1;
> rc = zmq_setsockopt (server, ZMQ_PARANO_SERVER, &as_server, sizeof (int));
> // perform some CURVE exchanges
> // remove security
> int as_server = 0;
> rc = zmq_setsockopt (server, ZMQ_PARANO_SERVER, &as_server, sizeof (int));
> // What about the client ? Can the communication continue on this socket
> with no action on the client side ?
> // as_server = value; in options.cpp makes me conclude communications are
> stopped since it becomes a client ?
>
> AFTER :
> rc = zmq_setsockopt (server, ZMQ_PARANO_SERVER);
> // perform some CURVE exchanges
> // remove security, or why not, switch to another mechanism
> rc = zmq_setsockopt (server, ZMQ_NULL_SERVER);
>
> What do you think about it ?
>
> Cheers,
>
> Laurent.
>
>
> Le 17/09/2013 14:40, Pieter Hintjens a écrit :
>
> I agree about switching off security, it should be explicit...
>
>
>
> _______________________________________________
> zeromq-dev mailing list
> zeromq-dev at lists.zeromq.org
> http://lists.zeromq.org/mailman/listinfo/zeromq-dev
>
More information about the zeromq-dev
mailing list