[zeromq-dev] Q: advice on client authentication sought

Michael Haberler mail17 at mah.priv.at
Mon Aug 18 10:36:22 CEST 2014


I'm trying to devise a strategy how to deal with DEALER authentication with PLAIN and CURVE auth, assuming a public network scenario (PLAIN would be applicable if the public hop is encrypted for instance over a SSL websocket).

I have dealer clients, some of which do only getter ops; some do getter and setter ops

I'd like to give the modify operations different credentials than the observer-only ops.

The options I currently see are:

1. different ROUTER sockets - one for inspectors, one for modifiers (which subsumes inspection), so R/O and R/W if you will.
2. a single socket, and tack on a signature frame for modifier ops, generated from message contents and a secret shared between DEALER and ROUTER

not fully happy with either - any I overlooked?

(1) would mean going down the route of 'one socket per client credential set', and that doesnt scale well with more than my two (R/O vs R/W) credential sets
(2) essentially means a message authentication scheme outside ZAP/zauth ; however it enables me to create an error return on credential mismatch, something I dont see yet with PLAIN and CURVE as the library stands (messages from a client with bad credentials are just dropped)


do I read docs correctly that:

- a CURVE auth scheme with CURVE_ALLOW_ANY is essentially an encrypted pipe without client authentication?
- a recipient (eg ROUTER) cannot inspect origin credentials on a per-message basis?
- a CURVE authentication without also encrypting the pipe is not possible (whacky but might make sense if the public hop is encrypted anyway)


thanks in advance,

Michael




More information about the zeromq-dev mailing list