[zeromq-dev] Defaulting to tweetnacl?

Jim Garlick garlick at llnl.gov
Wed Mar 2 18:33:39 CET 2016


No issue - I would have probably done it the way I suggested so
someone building on a system that provides libsodium and is not paying
close attention would have to explicitly choose the builtin tweetnacl,
but this works fine.  Let's move on.

Regards,

Jim

On Wed, Mar 02, 2016 at 05:59:15PM +0100, Pieter Hintjens wrote:
> I've been playing with the windows build and that configure.bat was my
> attempt to toggle libsodium properly. I'll update it when I get the
> chance.
> 
> For autotools, I made the following semantics:
> 
> * default: tweetnacl (so always secure by default)
> * --with-libsodium: use libsodium instead
> * --disable-curve: use no CURVE encryption
> 
> If you find an issue using this, please explain what that is.
> 
> -Pieter
> 
> 
> On Wed, Mar 2, 2016 at 5:41 PM, Jim Garlick <garlick at llnl.gov> wrote:
> > Actually, I was concerned about the autotools build, but I just
> > verified libzmq master ec6209 lets you know if libsodium is
> > requested but not available:
> >
> >   ./configure --with-libsodium
> >   checking for sodium... no
> >   configure: error: libsodium is not installed. Install it
> >
> > Good!  Even better would be if configure with no security options
> > failed and told you to select either --with-libsodium or
> > --with-builtin-tweetnacl.
> >
> > Jim
> >
> > On Wed, Mar 02, 2016 at 04:57:42PM +0100, frank wrote:
> >> Hi,
> >>
> >> :)
> >>
> >> I could try/start at least, could you point me to a good place in the wiki?
> >> This place http://zeromq.org/build:_start looks promising?
> >>
> >> Problematic for me is the section from the windows build description:
> >>
> >>   cd libzmq\builds\msvc
> >>   :: first time through, run configure.bat to copy property pages at correct locations
> >>   :: it also configures according to presence of libsodium or not (use default tweetnacl)
> >>
> >> Which totally sounds like the thing Jim Garlick mentions below ("silently use this or that")
> >> So it is quite hard to document the behaviour if the approaches in the various build systems are not uniform.
> >>
> >> I was referring to the "explicitly enable feature" approach implemented in the cmake build
> >> system at the time I last looked.... :(
> >>
> >> kind regards
> >>   Frank
> >>
> >>
> >>
> >>
> >> On 03/02/2016 09:37 AM, Pieter Hintjens wrote:
> >> > Sounds good. Would you like to add a section on secure builds on the
> >> > wiki? We can point people to this from the download page.
> >> >
> >> > On Wed, Mar 2, 2016 at 9:03 AM, frank <soundart at gmx.net> wrote:
> >> >>
> >> >> On 03/01/2016 09:34 PM, Jim Garlick wrote:
> >> >>
> >> >> ...
> >> >>> It at least seems wrong to have libzmq silently use builtin tweetnacl
> >> >>> if libsodium is not found, as that might lead to people not getting
> >> >>> the robust build they intended. Jim
> >> >> Hi,
> >> >>
> >> >> For me this is the most important part. In the doc should be
> >> >>
> >> >> - an overview of the crypto options available
> >> >> - a mention of the tweetnacl default being used
> >> >>   - btw I think no auto detection and no auto-usage of libsodium was
> >> >> discussed. libsodium has to be activated by an explicit switch like
> >> >> "--with-libsodium="
> >> >> - and a recommendation for binary distributions to use libsodium,
> >> >> because of the easier security updates for them
> >> >>
> >> >> In order to avoid surprises and get a "robust build"
> >> >>
> >> >> kind regards
> >> >>   Frank
> >> >>
> >> >>
> >> >>
> >> >> _______________________________________________
> >> >> zeromq-dev mailing list
> >> >> zeromq-dev at lists.zeromq.org
> >> >> http://lists.zeromq.org/mailman/listinfo/zeromq-dev
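
Added example (not part of the thread and not libzmq code): a POSIX sh wrapper that gives the autotools build the behaviour Jim suggests, refusing to run ./configure unless the CURVE backend is stated on the command line. Assumptions: --with-builtin-tweetnacl is the flag name Jim proposes and is understood only by this wrapper, which strips it before calling configure; --without-libsodium is treated as an explicit tweetnacl choice.

```sh
#!/bin/sh
# Classify the CURVE backend a libzmq ./configure command line selects.
# --with-libsodium and --disable-curve are the flags listed in the thread;
# --with-builtin-tweetnacl is the proposed flag, hypothetical and wrapper-only.
curve_backend() {
    sodium=0 tweet=0 off=0
    for arg in "$@"; do
        case "$arg" in
            --without-libsodium|--with-libsodium=no) tweet=1 ;;
            --with-libsodium|--with-libsodium=*)     sodium=1 ;;
            --with-builtin-tweetnacl)                tweet=1 ;;
            --disable-curve|--enable-curve=no)       off=1 ;;
        esac
    done
    if [ $((sodium + tweet + off)) -gt 1 ]; then echo conflict
    elif [ "$sodium" -eq 1 ]; then echo libsodium
    elif [ "$tweet" -eq 1 ]; then echo tweetnacl
    elif [ "$off" -eq 1 ]; then echo none
    else echo implicit-tweetnacl   # nothing stated: the silent default
    fi
}

# Return 0 only when the backend choice is explicit and not contradictory.
require_explicit_backend() {
    backend=$(curve_backend "$@")
    case "$backend" in
        implicit-tweetnacl)
            echo "error: no CURVE backend selected; pass --with-libsodium," \
                 "--with-builtin-tweetnacl or --disable-curve" >&2
            return 1 ;;
        conflict)
            echo "error: conflicting CURVE options: $*" >&2
            return 1 ;;
        *)
            echo "CURVE backend: $backend" >&2
            return 0 ;;
    esac
}

# Check the arguments, then run ./configure without the wrapper-only flag.
# Usage in a build script: guarded_configure --prefix=/usr --with-libsodium
guarded_configure() {
    require_explicit_backend "$@" || return 1
    for arg in "$@"; do
        shift
        [ "$arg" = --with-builtin-tweetnacl ] || set -- "$@" "$arg"
    done
    ./configure "$@"
}
```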


