[zeromq-dev] About CURVE and ROUTER sockets
Andre Caron
andre.l.caron at gmail.com
Tue Jan 20 05:55:53 CET 2015
Thanks for clarifying that.
At the moment, I'm using the directory for discovery so I can exchange keys through there at the same time as I discover peers, ensuring that this edge case never happens. It's like hitting two birds with one stone :-)
André
> On Jan 19, 2015, at 10:23 AM, Pieter Hintjens <ph at imatix.com> wrote:
>
>> On Mon, Jan 19, 2015 at 2:41 PM, André Caron <andre.l.caron at gmail.com> wrote:
>>
>> If a peer is rejected by curve authentication, does ZMQ automatic
>> reconnection still work (and will it successfully connect once the "server"
>> receives the public key)?
>
> This is the part I'm not happy with. The client side used to retry.
> However that is pathological in normal cases and so now it doesn't any
> more.
>
> What I'd suggested was rather to use the certificate server live, for
> authentication. This is easy enough using ZAP. There's an example in
> the reference implementation for the ZAP spec, see
> https://github.com/zeromq/rfc/blob/master/src/spec_27.c
>
> This adds a little latency to connections. Your ZAP handler could
> trivially cache certificates so that this only hits the first time.
>
> Such a directory manager is a missing piece of the security puzzle.
>
> -Pieter
> _______________________________________________
> zeromq-dev mailing list
> zeromq-dev at lists.zeromq.org
> http://lists.zeromq.org/mailman/listinfo/zeromq-dev
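
The caching ZAP handler suggested in the quoted reply, sketched at the frame level as an added example (not code from this thread or from spec_27.c). The frame order follows the ZAP spec (RFC 27); the class name, the `lookup` callable standing in for the directory, and the choice to cache only accepted keys with a TTL are assumptions of this example.

```python
import time
ZAP_VERSION = b"1.0"

class CachingCurveAuthenticator:
    """Answers ZAP (RFC 27) CURVE requests, asking a directory only on a cache miss."""

    def __init__(self, lookup, ttl=300.0, clock=time.monotonic):
        self._lookup = lookup  # assumed callable: 32-byte public key -> user id, or None
        self._ttl = ttl        # bounds how long a revoked key stays accepted
        self._clock = clock
        self._cache = {}       # public key -> (user id, expiry time)

    def _user_for(self, key):
        hit = self._cache.get(key)
        if hit and hit[1] > self._clock():
            return hit[0]
        user = self._lookup(key)
        if user is None:
            # Rejections are never cached, so a key published later is found next time.
            return None
        self._cache[key] = (user, self._clock() + self._ttl)
        return user

    def handle(self, frames):
        """Take the frames of one ZAP request, return the frames of the reply."""
        if len(frames) < 6 or frames[0] != ZAP_VERSION:
            return self._reply(frames[1] if len(frames) > 1 else b"", b"500", b"Malformed request")
        # Request: version, request id, domain, address, identity, mechanism, credentials...
        request_id, mechanism, credentials = frames[1], frames[5], frames[6:]
        if mechanism != b"CURVE" or len(credentials) != 1 or len(credentials[0]) != 32:
            return self._reply(request_id, b"400", b"CURVE public key required")
        user = self._user_for(credentials[0])
        if user is None:
            return self._reply(request_id, b"400", b"Unknown public key")
        return self._reply(request_id, b"200", b"OK", user)

    @staticmethod
    def _reply(request_id, code, text, user_id=b""):
        # Reply: version, request id, status code, status text, user id, metadata
        return [ZAP_VERSION, request_id, code, text, user_id, b""]

if __name__ == "__main__":
    directory = {}                      # constructed stand-in for the directory service
    key = bytes(range(32))              # constructed public key, not a real one
    auth = CachingCurveAuthenticator(directory.get)
    request = [b"1.0", b"1", b"global", b"192.0.2.10", b"", b"CURVE", key]
    print(auth.handle(request)[2:4])    # key not yet published
    directory[key] = b"peer-a"
    print(auth.handle(request)[2:4])    # same key after publication
```

In a real deployment the `handle` method would be fed from a REP socket bound to `inproc://zeromq.zap.01`, the endpoint the ZAP spec defines for the handler.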