[zeromq-dev] About CURVE and ROUTER sockets

Pieter Hintjens ph at imatix.com
Mon Jan 19 16:23:45 CET 2015


On Mon, Jan 19, 2015 at 2:41 PM, André Caron <andre.l.caron at gmail.com> wrote:

> If a peer is rejected by curve authentication, does ZMQ automatic
> reconnection still work (and will it successfully connect once the "server"
> receives the public key)?

This is the part I'm not happy with. The client side used to retry.
However that is pathological in normal cases and so now it doesn't any
more.

What I'd suggested was rather to use the certificate server live, for
authentication. This is easy enough using ZAP. There's an example in
the reference implementation for the ZAP spec, see
https://github.com/zeromq/rfc/blob/master/src/spec_27.c

This adds a little latency to connections. Your ZAP handler could
trivially cache certificates so that this only hits the first time.

Such a directory manager is a missing piece of the security puzzle.

-Pieter
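
The caching ZAP handler suggested in the message above, as an added sketch that is not code from the post or from the zeromq/rfc repository. It covers only the ZAP (RFC 27) request and reply frames, with no socket code; `directory_lookup` is a hypothetical stand-in for the live certificate-server query, and the TTL is an assumption added so a key removed from the directory stops being accepted.

```python
import time

ZAP_VERSION = b"1.0"

class CachingCurveAuthenticator:
    """Answers ZAP requests for CURVE, asking a directory on cache miss."""

    def __init__(self, directory_lookup, ttl=300.0, clock=time.monotonic):
        self._lookup = directory_lookup  # hypothetical: public key -> user id or None
        self._ttl = ttl                  # bounds how long a revoked key stays accepted
        self._clock = clock
        self._cache = {}                 # public key -> (user id, expiry time)

    def _reply(self, request_id, code, text, user_id=b""):
        # Reply frames: version, request id, status code, status text,
        # user id (empty unless 200), metadata (left empty here).
        return [ZAP_VERSION, request_id, code, text, user_id, b""]

    def handle(self, frames):
        # Request frames: version, request id, domain, address, identity,
        # mechanism, then credentials (CURVE: one 32-byte public key).
        if len(frames) < 6 or frames[0] != ZAP_VERSION:
            request_id = frames[1] if len(frames) > 1 else b""
            return self._reply(request_id, b"400", b"Invalid request")
        request_id, mechanism, creds = frames[1], frames[5], frames[6:]
        if mechanism != b"CURVE" or len(creds) != 1 or len(creds[0]) != 32:
            return self._reply(request_id, b"400", b"CURVE key required")
        key, now = creds[0], self._clock()
        hit = self._cache.get(key)
        if hit and hit[1] > now:
            return self._reply(request_id, b"200", b"OK", hit[0])
        try:
            user_id = self._lookup(key)  # live query, only on miss or expiry
        except Exception:
            # 300 = temporary error: the directory, not the key, is the problem
            return self._reply(request_id, b"300", b"Directory unavailable")
        if user_id is None:
            self._cache.pop(key, None)   # rejections are never cached
            return self._reply(request_id, b"400", b"Unknown public key")
        self._cache[key] = (user_id, now + self._ttl)
        return self._reply(request_id, b"200", b"OK", user_id)
```

Because only accepted keys are cached, a key that is rejected now is looked up again on the next connection attempt and accepted once the directory knows it.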
