[zeromq-dev] curveZMQ: authentication / ability to identify peers

Chuck Price chuck at peloton-tech.com
Sun Nov 15 18:56:59 CET 2015


CurveZMQ provides mutual authentication already. The client provides its public key during connection establishment. If the server is authenticating clients (you can choose not to) it checks that public key against public keys it has registered. 

You have to implement the initial registration of clients yourself, in a secure fashion. Either you generate the client’s key pair and provide it to the client securely, or the client generates its key pair and provides it to the server securely. In either registration scenario, you have to pre-establish trust in some other way, else the keys you are exchanging can’t be trusted.

-chuck

> On Nov 15, 2015, at 9:43 AM, Walter B. Rasmann <zeromq.wbr at gmail.com> wrote:
> 
> I'm considering using curveZMQ for authentication and connection security. Unfortunately I haven't found a way to identify connecting clients. That would be needed in order to see if they are authorized to do stuff on the server, which seems to be a typical use case whenever authentication is used.
> 
> My questions are:
> 
> Would it be possible to extend the zeroMQ API to enable reading out connection information which can be used for authentication?
> 
> The following might be quite useful in this context:
>   - authentication method
>   - peer IP address
>   - peer verified public key
>   - peer verified username
> 
> Are there any plans to implement something like that? 
> 
> Would that be considered a useful feature? 
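
The server-side check described in the reply above (compare the client's public key against registered keys), as an added example that is not code from this thread or from the ZeroMQ project. It assumes the ZAP 1.0 frame layout from ZeroMQ RFC 27; the registry contents, user names and function names are hypothetical.

```python
# Added example: ZAP 1.0 (ZeroMQ RFC 27) request handling for the CURVE mechanism.
# Request frames:  version, request id, domain, address, identity, mechanism, credentials...
# Reply frames:    version, request id, status code, status text, user id, metadata

ZAP_VERSION = b"1.0"

# Hypothetical registry filled during the out-of-band registration step:
# 32-byte client public key -> user id the application authorizes against.
# The keys below are constructed sample values, not real keys.
REGISTERED_CLIENTS = {
    bytes(range(32)): "alice",
    bytes(range(32, 64)): "backup-agent",
}


def zap_reply(request_id, code, text, user_id=""):
    """Build the six ZAP reply frames; the user id is set only on success."""
    return [ZAP_VERSION, request_id, code, text.encode(), user_id.encode(), b""]


def handle_zap_request(frames, registry=REGISTERED_CLIENTS):
    """Decide on one ZAP request (a list of byte frames) and return the reply frames."""
    if len(frames) < 6:
        return zap_reply(b"", b"500", "Malformed request")
    version, request_id, domain, address, identity, mechanism = frames[:6]
    credentials = frames[6:]
    if version != ZAP_VERSION:
        return zap_reply(request_id, b"500", "Unsupported ZAP version")
    # Fail closed: NULL and PLAIN carry no verified key, so refuse them here.
    if mechanism != b"CURVE":
        return zap_reply(request_id, b"400", "CURVE required")
    # CURVE carries exactly one credential frame: the client's 32-byte public key.
    if len(credentials) != 1 or len(credentials[0]) != 32:
        return zap_reply(request_id, b"400", "Invalid CURVE credentials")
    user_id = registry.get(credentials[0])
    if user_id is None:
        return zap_reply(request_id, b"400", "Unknown client key")
    return zap_reply(request_id, b"200", "OK", user_id)
```

With libzmq 4.1 or later, the user id returned in an accepted reply can be read from received messages with `zmq_msg_gets(msg, "User-Id")`, which gives the application the per-peer identity to authorize against.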



