[zeromq-dev] Defaulting to tweetnacl?
Pieter Hintjens
ph at imatix.com
Wed Mar 2 17:59:15 CET 2016
I've been playing with the Windows build and that configure.bat was my
attempt to toggle libsodium properly. I'll update it when I get the
chance.
For autotools, I made the following semantics:
* default: tweetnacl (so always secure by default)
* --with-libsodium: use libsodium instead
* --disable-curve: use no CURVE encryption
If you find an issue using this, please explain what that is.
-Pieter
On Wed, Mar 2, 2016 at 5:41 PM, Jim Garlick <garlick at llnl.gov> wrote:
> Actually, I was concerned about the autotools build, but I just
> verified libzmq master ec6209 lets you know if libsodium is
> requested but not available:
>
> ./configure --with-libsodium
> checking for sodium... no
> configure: error: libsodium is not installed. Install it
>
> Good! Even better would be if configure with no security options
> failed and told you to select either --with-libsodium or
> --with-builtin-tweetnacl.
>
> Jim
>
> On Wed, Mar 02, 2016 at 04:57:42PM +0100, frank wrote:
>> Hi,
>>
>> :)
>>
>> I could try/start at least, could you point me to a good place in the wiki?
>> This place http://zeromq.org/build:_start looks promising?
>>
>> Problematic for me is the section from the windows build description:
>>
>> cd libzmq\builds\msvc
>> :: first time through, run configure.bat to copy property pages at correct locations
>> :: it also configures according to presence of libsodium or not (use default tweetnacl)
>>
>> Which totally sounds like the thing Jim Garlick mentions below ("silently use this or that")
>> So it is quite hard to document the behaviour if the approaches in the various build systems are not uniform.
>>
>> I was referring to the "explicitly enable feature" approach implemented in the cmake build
>> system at the time I last looked.... :(
>>
>> kind regards
>> Frank
>>
>>
>>
>>
>> On 03/02/2016 09:37 AM, Pieter Hintjens wrote:
>> > Sounds good. Would you like to add a section on secure builds on the
>> > wiki? We can point people to this from the download page.
>> >
>> > On Wed, Mar 2, 2016 at 9:03 AM, frank <soundart at gmx.net> wrote:
>> >>
>> >> On 03/01/2016 09:34 PM, Jim Garlick wrote:
>> >>
>> >> ...
>> >>> It at least seems wrong to have libzmq silently use builtin tweetnacl
>> >>> if libsodium is not found, as that might lead to people not getting
>> >>> the robust build they intended. Jim
>> >> Hi,
>> >>
>> >> For me this is the most important part. In the doc should be
>> >>
>> >> - an overview of the crypto options available
>> >> - a mention of the tweetnacl default being used
>> >> - btw I think no auto detection and no auto-usage of libsodium was
>> >> discussed. libsodium has to be activated by an explicit switch like
>> >> "--with-libsodium="
>> >> - and a recommendation for binary distributions to use libsodium,
>> >> because of the easier security updates for them
>> >>
>> >> In order to avoid surprises and get a "robust build"
>> >>
>> >> kind regards
>> >> Frank
>> >>
>> >>
>> >>
>> >> _______________________________________________
>> >> zeromq-dev mailing list
>> >> zeromq-dev at lists.zeromq.org
>> >> http://lists.zeromq.org/mailman/listinfo/zeromq-dev
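
Added example, not part of the original thread and not libzmq's configure code: a POSIX shell sketch of the selection semantics listed in the message above, in which an explicit libsodium request that cannot be met is a hard error rather than a silent switch to tweetnacl. The pkg-config probe, the function names, and the rejection of --with-libsodium combined with --disable-curve are assumptions of this sketch.

```shell
#!/bin/sh
# Sketch of fail-closed backend selection for a CURVE-capable build.
# Only the two flags named in the thread are recognised; others are ignored.

# Probe for libsodium. Using pkg-config is an assumption of this sketch;
# the thread only shows configure printing "checking for sodium... no".
probe_libsodium() {
    if command -v pkg-config >/dev/null 2>&1 &&
       pkg-config --exists libsodium 2>/dev/null; then
        echo yes
    else
        echo no
    fi
}

# resolve_curve_backend HAVE_SODIUM [configure-args...]
# Prints tweetnacl, libsodium or none; returns 1 instead of falling back.
resolve_curve_backend() {
    have_sodium=$1; shift
    want_sodium=no
    curve=yes
    for arg in "$@"; do
        case $arg in
            --with-libsodium) want_sodium=yes ;;
            --disable-curve)  curve=no ;;
        esac
    done
    if [ "$curve" = no ]; then
        # Not covered in the thread: this sketch rejects the contradictory pair.
        if [ "$want_sodium" = yes ]; then
            echo "error: --with-libsodium conflicts with --disable-curve" >&2
            return 1
        fi
        echo none; return 0
    fi
    if [ "$want_sodium" = yes ]; then
        # Presence of the library alone never selects it; absence never hides it.
        if [ "$have_sodium" != yes ]; then
            echo "error: libsodium requested but not found; not falling back" >&2
            return 1
        fi
        echo libsodium; return 0
    fi
    echo tweetnacl   # default: CURVE stays on without any flag
}

# Run against the real probe only when arguments are given.
if [ "$#" -gt 0 ]; then
    resolve_curve_backend "$(probe_libsodium)" "$@"
fi
```

Note that an installed libsodium without the flag still yields tweetnacl, matching the "no auto detection and no auto-usage" point raised in the quoted discussion.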