[zeromq-dev] About CURVE and ROUTER sockets
Pieter Hintjens
ph at imatix.com
Mon Jan 19 16:23:45 CET 2015
On Mon, Jan 19, 2015 at 2:41 PM, André Caron <andre.l.caron at gmail.com> wrote:

> If a peer is rejected by curve authentication, does ZMQ automatic
> reconnection still work (and will it successfully connect once the "server"
> receives the public key)?

This is the part I'm not happy with. The client side used to retry.
However that is pathological in normal cases and so now it doesn't any
more.

What I'd suggested was rather to use the certificate server live, for
authentication. This is easy enough using ZAP. There's an example in
the reference implementation for the ZAP spec, see
https://github.com/zeromq/rfc/blob/master/src/spec_27.c

This adds a little latency to connections. Your ZAP handler could
trivially cache certificates so that this only hits the first time.
Such a directory manager is a missing piece of the security puzzle.

-Pieter
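A sketch of the caching ZAP handler suggested above, added here as an example; it is not code from this post or from spec_27.c. It works on the request and reply frames defined by the ZAP spec (RFC 27), as a handler bound to inproc://zeromq.zap.01 would receive and send them. The class name, the `directory_lookup` callable, and the TTL are assumptions.

```python
import time

ZAP_VERSION = b"1.0"

class CachingCurveAuthenticator:
    """ZAP request handler that checks CURVE public keys against a directory."""

    def __init__(self, directory_lookup, ttl=300.0, clock=time.monotonic):
        # directory_lookup is hypothetical: public key (32 bytes) -> user id or None
        self._lookup = directory_lookup
        self._ttl = ttl
        self._clock = clock
        self._cache = {}  # public key -> (user id, expiry time)

    def _user_for(self, key):
        now = self._clock()
        hit = self._cache.get(key)
        if hit and hit[1] > now:
            return hit[0]
        self._cache.pop(key, None)
        user = self._lookup(key)
        if user is not None:
            # Cache accepted keys only: clients no longer retry after a
            # rejection, so a key registered later must be seen on the next
            # connection attempt. The TTL bounds how long a revoked key lives.
            self._cache[key] = (user, now + self._ttl)
        return user

    def handle(self, frames):
        """Take the frames of one ZAP request, return the reply frames."""
        if len(frames) < 6:
            return self._reply(b"", b"500", b"Malformed request")
        version, request_id, _domain, _address, _identity, mechanism = frames[:6]
        credentials = frames[6:]
        if version != ZAP_VERSION:
            return self._reply(request_id, b"500", b"Version not supported")
        if mechanism != b"CURVE" or len(credentials) != 1 or len(credentials[0]) != 32:
            return self._reply(request_id, b"400", b"Invalid CURVE credentials")
        try:
            user = self._user_for(credentials[0])
        except Exception:
            # 300 is the ZAP "temporary error" class: the directory is down
            return self._reply(request_id, b"300", b"Directory unavailable")
        if user is None:
            return self._reply(request_id, b"400", b"Unknown client key")
        return self._reply(request_id, b"200", b"OK", user)

    @staticmethod
    def _reply(request_id, status, text, user_id=b""):
        # version, request id, status code, status text, user id, metadata
        return [ZAP_VERSION, request_id, status, text, user_id, b""]
```

Rejections are deliberately left uncached, so every unknown key costs one directory lookup per connection attempt.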