[zeromq-dev] Just a simple quick question about ZeroMQ security.

Pieter Hintjens ph at imatix.com
Tue Feb 25 21:29:45 CET 2014


On Tue, Feb 25, 2014 at 9:53 AM, Goswin von Brederlow <goswin-v-b at web.de> wrote:

> Obviously NULL is pointless. But so is password. A password can be
> captured and reused so anyone can simply steal your account. So that
> leaves public/private key pair.

They're not quite pointless... :) NULL is compatible with existing
deployments. That's proven to be a useful thing. PLAIN is a template
for other mechanisms. It's simple and yet has a real handshake.

There's a whole thread a few months back on certificates. It's worth
re-reading that IMO before discussing again. It gets complex, fast
though.

-Pieter



More information about the zeromq-dev mailing list