[zeromq-dev] curve : switch off security
Laurent Alebarde
l.alebarde at free.fr
Sat Sep 21 12:03:35 CEST 2013
I have no use case to exhibit. I agree with you that if it is not
desirable nor usefull, it should be impossible.
Le 21/09/2013 11:42, Pieter Hintjens a écrit :
> What is the use case for switching off security? I mean, do we have a
> concrete example where this is necessary? If not, I'd recommend the
> pattern where one socket has one configured security level, period.
> The risk of confusion and error is otherwise much higher ("I want
> CURVE on this tcp:// endpoint, but PLAIN on this icp:// endpoint").
>
> I was in fact thinking of making it impossible to remove security on a
> socket, once set. That may be too extreme.
>
> On Sat, Sep 21, 2013 at 11:02 AM, Laurent Alebarde <l.alebarde at free.fr> wrote:
>> Hi Pieter,
>>
>> After some thinking, I think the following would be nice to switch off
>> security :
>>
>> BEFORE :
>> int as_server = 1;
>> rc = zmq_setsockopt (server, ZMQ_PARANO_SERVER, &as_server, sizeof (int));
>> // perform some CURVE exchanges
>> // remove security
>> int as_server = 0;
>> rc = zmq_setsockopt (server, ZMQ_PARANO_SERVER, &as_server, sizeof (int));
>> // What about the client ? Can the communication continue on this socket
>> with no action on the client side ?
>> // as_server = value; in options.cpp makes me conclude communications are
>> stopped since it becomes a client ?
>>
>> AFTER :
>> rc = zmq_setsockopt (server, ZMQ_PARANO_SERVER);
>> // perform some CURVE exchanges
>> // remove security, or why not, switch to another mechanism
>> rc = zmq_setsockopt (server, ZMQ_NULL_SERVER);
>>
>> What do you think about it ?
>>
>> Cheers,
>>
>> Laurent.
>>
>>
>> Le 17/09/2013 14:40, Pieter Hintjens a écrit :
>>
>> I agree about switching off security, it should be explicit...
>>
>>
>>
>> _______________________________________________
>> zeromq-dev mailing list
>> zeromq-dev at lists.zeromq.org
>> http://lists.zeromq.org/mailman/listinfo/zeromq-dev
>>
> _______________________________________________
> zeromq-dev mailing list
> zeromq-dev at lists.zeromq.org
> http://lists.zeromq.org/mailman/listinfo/zeromq-dev
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.zeromq.org/pipermail/zeromq-dev/attachments/20130921/5702eb18/attachment.htm>
More information about the zeromq-dev
mailing list