[zeromq-dev] Secure proxies

Steve Eley sfeley at gmail.com
Tue Apr 14 20:54:52 CEST 2015


On Apr 14, 2015, at 1:52 PM, Charles West <crwest at ncsu.edu> wrote:
> 
> The simple way to act as a proxy would be just to make a ZMQ socket on each side and forward the data.  The problem with that is that this would require the data to be unencrypted on one side, copied and reencrypted.  This introduces both overhead and allows the proxy to snoop (bad for general principles).

I might be missing something obvious, but why would it require that?  The proxy might need to be able to read addressing information to do its job, but why would it need to see the payload?  Just establish a header/body separation, encrypt the header with a shared key that's readable by your whole routing system, and encrypt the body with keys that are only known to the endpoints.


Have Fun,
Steve Eley
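
The header/body separation suggested in this message, as an added example that is not code from the post or from ZeroMQ: the header frame is sealed under a key the routing system shares, the body frame under a key only the endpoints hold. AES-256-GCM, the nonce-prefixed frame layout, the address "worker-7" and authenticating the sealed header as the body's associated data (so a body cannot be re-attached to a different header) are assumptions of this sketch.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

// must panics on errors that only a coding mistake (such as a bad key length) can cause.
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// aead returns AES-256-GCM for a 32-byte key (the cipher is this example's choice).
func aead(key []byte) cipher.AEAD {
	return must(cipher.NewGCM(must(aes.NewCipher(key))))
}

// seal encrypts one frame under key and authenticates aad; the nonce is prepended.
func seal(key, plaintext, aad []byte) []byte {
	gcm := aead(key)
	nonce := make([]byte, gcm.NonceSize())
	must(rand.Read(nonce))
	return gcm.Seal(nonce, nonce, plaintext, aad)
}

// open decrypts a frame; it fails on a wrong key, a tampered frame or different aad.
func open(key, frame, aad []byte) ([]byte, error) {
	gcm := aead(key)
	n := gcm.NonceSize()
	if len(frame) < n {
		return nil, fmt.Errorf("frame too short: %d bytes", len(frame))
	}
	return gcm.Open(nil, frame[:n], frame[n:], aad)
}

func main() {
	keys := make([]byte, 64)
	must(rand.Read(keys))
	routeKey, endKey := keys[:32], keys[32:] // routing system's key, endpoints' key
	hdr := seal(routeKey, []byte("worker-7"), nil)           // constructed address
	body := seal(endKey, []byte("constructed payload"), hdr) // bound to its header
	dest, _ := open(routeKey, hdr, nil)                      // the proxy can route...
	_, err := open(routeKey, body, hdr)                      // ...but cannot read the body
	fmt.Printf("route to %q; proxy reading body: %v\n", dest, err)
}
```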
