[zeromq-dev] Secure proxies

Charles West crwest at ncsu.edu
Tue Apr 14 19:52:15 CEST 2015


Hello all,

I've been working on a secure peer to peer, tag labelled PUB/SUB system
with permission using SQLite and ZMQ on and off for a while (
https://github.com/charlesrwest/societyOfMachines).  One issue I am still
working out is the best way to do NAT proxies without breaking security.

The simple way to act as a proxy would be just to make a ZMQ socket on each
side and forward the data.  The problem with that is that this would
require the data to be unencrypted on one side, copied and reencrypted.
This introduces both overhead and allows the proxy to snoop (bad for
general principles).

An ideal way of dealing with it would be to do direct TCP rerouting, but
that would require the TCP segments coming in and out of the proxy's client
to have IP in IP encapsulation.  If I may ask, is there any way to apply IP
in IP encapsulation to the packets sent by ZMQ sockets?  Alternatively, do
you guys know of a better way to make a proxy that can't snoop on the
encrypted data?

Thanks,
Charlie West
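
The ZMQ-level forwarder described in the message, as an added example that is not part of the original post or of the societyOfMachines code. It assumes pyzmq built with CURVE support; the function names and the payload are hypothetical, and PUSH/PULL stands in for PUB/SUB to keep the run deterministic.

```python
import zmq

def curve_server(ctx, kind, secret_key):
    """Bind a CURVE-server socket on a random loopback port."""
    sock = ctx.socket(kind)
    sock.setsockopt(zmq.LINGER, 0)
    sock.setsockopt(zmq.RCVTIMEO, 5000)   # fail instead of hanging forever
    sock.curve_secretkey = secret_key
    sock.curve_server = True              # must be set before bind
    return sock, sock.bind_to_random_port("tcp://127.0.0.1")

def curve_client(ctx, kind, server_public_key, port):
    """Connect a CURVE-client socket that uses a fresh keypair."""
    sock = ctx.socket(kind)
    sock.setsockopt(zmq.LINGER, 0)
    sock.curve_publickey, sock.curve_secretkey = zmq.curve_keypair()
    sock.curve_serverkey = server_public_key
    sock.connect(f"tcp://127.0.0.1:{port}")
    return sock

def relay_once(payload):
    """Send payload sender -> proxy -> receiver; return what each hop read."""
    ctx = zmq.Context()
    proxy_pub, proxy_sec = zmq.curve_keypair()
    recv_pub, recv_sec = zmq.curve_keypair()
    # Hop 1 ends at the proxy and hop 2 at the receiver: two CURVE sessions.
    proxy_in, in_port = curve_server(ctx, zmq.PULL, proxy_sec)
    receiver, out_port = curve_server(ctx, zmq.PULL, recv_sec)
    sender = curve_client(ctx, zmq.PUSH, proxy_pub, in_port)
    proxy_out = curve_client(ctx, zmq.PUSH, recv_pub, out_port)
    try:
        sender.send(payload)
        seen_by_proxy = proxy_in.recv()   # hop 1 is already decrypted here
        proxy_out.send(seen_by_proxy)     # re-encrypted under the hop 2 session
        delivered = receiver.recv()
    finally:
        for sock in (sender, proxy_in, proxy_out, receiver):
            sock.close()
        ctx.term()
    return seen_by_proxy, delivered

if __name__ == "__main__":
    seen, delivered = relay_once(b"constructed sample payload")
    print("proxy read:", seen, "| receiver read:", delivered)
```

Both hops are encrypted on the wire, yet the proxy process holds the full plaintext between `recv()` and `send()`, which is the snooping exposure and the copy overhead the message refers to.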