[zeromq-dev] About CURVE and ROUTER sockets

Andre Caron andre.l.caron at gmail.com
Tue Jan 20 05:55:53 CET 2015


Thanks for clarifying that.

At the moment, I'm using the directory for discovery so I can exchange keys through there at the same time as I discover peers, ensuring that this edge case never happens. It's like hitting two birds with one stone :-)

André

> On Jan 19, 2015, at 10:23 AM, Pieter Hintjens <ph at imatix.com> wrote:
> 
>> On Mon, Jan 19, 2015 at 2:41 PM, André Caron <andre.l.caron at gmail.com> wrote:
>> 
>> If a peer is rejected by curve authentication, does ZMQ automatic
>> reconnection still work (and will it successfully connect once the "server"
>> receives the public key)?
> 
> This is the part I'm not happy with. The client side used to retry.
> However that is pathological in normal cases and so now it doesn't any
> more.
> 
> What I'd suggested was rather to use the certificate server live, for
> authentication. This is easy enough using ZAP. There's an example in
> the reference implementation for the ZAP spec, see
> https://github.com/zeromq/rfc/blob/master/src/spec_27.c
> 
> This adds a little latency to connections. Your ZAP handler could
> trivially cache certificates so that this only hits the first time.
> 
> Such a directory manager is a missing piece of the security puzzle.
> 
> -Pieter
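
The live directory check with a cache that the quoted reply suggests, sketched as an added example (not code from this thread or from spec_27.c). It handles only the ZAP request and reply frames, leaving the socket plumbing out; `lookup` and `sample_request` are hypothetical names, and returning "500" for a malformed request is this example's choice.

```python
import time

ZAP_VERSION = b"1.0"   # version frame defined by the ZAP spec (RFC 27)
KEY_LEN = 32           # CURVE credential: the client's 32-byte public key


class CachingZapHandler:
    """Answers ZAP requests, asking the directory only on a cache miss."""

    def __init__(self, lookup, ttl=300.0, clock=time.monotonic):
        self.lookup = lookup      # hypothetical: public key -> user id or None
        self.ttl = ttl            # seconds an accepted key stays cached
        self.clock = clock
        self.cache = {}           # public key -> (user id, expiry time)

    def _user_for(self, key):
        hit = self.cache.get(key)
        if hit and hit[1] > self.clock():
            return hit[0]
        self.cache.pop(key, None)             # expired or absent
        user = self.lookup(key)               # live query to the directory
        if user is not None:
            # Cache acceptances only, so a key the directory learns about
            # later is accepted on the peer's next attempt.
            self.cache[key] = (user, self.clock() + self.ttl)
        return user

    def handle(self, frames):
        """frames: ZAP request frames, envelope already stripped -> reply frames."""
        if len(frames) < 6 or frames[0] != ZAP_VERSION:
            request_id = frames[1] if len(frames) > 1 else b""
            return self._reply(request_id, b"500", b"Malformed request")
        request_id, mechanism, creds = frames[1], frames[5], frames[6:]
        if mechanism != b"CURVE" or len(creds) != 1 or len(creds[0]) != KEY_LEN:
            return self._reply(request_id, b"400", b"CURVE key required")
        user = self._user_for(creds[0])
        if user is None:
            return self._reply(request_id, b"400", b"Unknown public key")
        return self._reply(request_id, b"200", b"OK", user.encode())

    @staticmethod
    def _reply(request_id, status, text, user_id=b""):
        # Reply: version, request id, status code, status text, user id, metadata
        return [ZAP_VERSION, request_id, status, text, user_id, b""]


def sample_request(key, request_id=b"1"):
    # Constructed request: version, id, domain, address, identity, mechanism, key
    return [ZAP_VERSION, request_id, b"global", b"192.0.2.10", b"", b"CURVE", key]
```

The `ttl` bounds how long a key removed from the directory keeps being accepted from the cache.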


