[zeromq-dev] epgm security

Jim Garlick garlick at llnl.gov
Mon Mar 3 19:02:54 CET 2014


Hi,

I have a question about the new security model and epgm.

I am pretty enthusiastic about the new ZAP design and the way
that CURVE was integrated.  I'm not a security expert, but
the design seems quite clean to me, and I was able to quickly
incorporate CURVE in the prototype code I am working on.

However, [e]pgm feels like a big loose end.  Has any thought
been put into bootstrapping epgm security (privacy, authenticity)
by "external" means?  For example, a distributed application could
generate a shared secret key, distribute it using CURVE protected
sockets, and then use use it for symmetric encryption over epgm?

Maybe there are more obvious ways to extend the current security
model to cover epgm?

I apologize if this has been discussed before.  I didn't find anything
in my searches but I would be happy to be pointed to bugs/mail threads.

Thanks,

Jim Garlick



More information about the zeromq-dev mailing list