[zeromq-dev] Curvezmq Message Replay

Pieter Hintjens ph at imatix.com
Sat Sep 20 20:47:44 CEST 2014


On Sat, Sep 20, 2014 at 6:36 PM, Matthew Hawn
<matthewh at donaanacounty.org> wrote:

> I agree, long nonces should use random numbers. As for the short, I was talking about under  "Differences from CurveCP"

> "While CurveCP uses strictly incrementing short nonces, CurveZMQ has no such requirement since commands are guaranteed to arrive in order over the stream transport."

Yes, that piece of text was entirely incorrect. I've removed it (you
can see the revised text online).

The actual command explanation in the RFC was more accurate, and is
now more explicit about the need to check nonces.

> Thanks for looking into this Pieter.  I am excited about having a good security system for ZeroMQ.

:-) It is fun, and hopefully we are hammering CurveZMQ hard enough to
be confident of it.

-Pieter



More information about the zeromq-dev mailing list