[zeromq-dev] Curvezmq Message Replay
Pieter Hintjens
ph at imatix.com
Sat Sep 20 20:47:44 CEST 2014
On Sat, Sep 20, 2014 at 6:36 PM, Matthew Hawn
<matthewh at donaanacounty.org> wrote:
> I agree, long nonces should use random numbers. As for the short, I was talking about under "Differences from CurveCP"
> "While CurveCP uses strictly incrementing short nonces, CurveZMQ has no such requirement since commands are guaranteed to arrive in order over the stream transport."
Yes, that piece of text was entirely incorrect. I've removed it (you
can see the revised text online).
The actual command explanation in the RFC was more accurate, and is
now more explicit about the need to check nonces.
> Thanks for looking into this Pieter. I am excited about having a good security system for ZeroMQ.
:-) It is fun, and hopefully we are hammering CurveZMQ hard enough to
be confident of it.
-Pieter
More information about the zeromq-dev
mailing list