Martin, thanks for response. I'm going to add a central node with stunnels until I get a crypto lib integrated into my app. :)
Thanks, Ben On Fri, Aug 20, 2010 at 10:59 PM, Martin Sustrik <[email protected]> wrote: > Benjamin, > >> Is there a recommended way to secure the underlying zeromq >> communication with crypto? >> >> Given a N:M publishers and subscribers, >> >> 1. Should apps establish connections point to point between each N and >> M using something like stunnel, which zeromq can then use the tcp >> transport over? > > In most cases it's better to add a central node to the topology. So that > subscribers don't have to know about publishers or vice versa. > >> 2. Is vpn a better idea? (I guess this only really works if a customer >> is able to do this). > > Secure tunnel as well as VPN are OK as far as I can tell. > >> 3. Should apps, instead, use crypto libraries to secure the zeromq message >> body? > > Yes. End-to-end encryption allows for untrusted middle nodes. > > It would also make sense to create an ecryption wrapper library on top of > 0MQ. > >> 4. Is there a zeromq transport in the works, ie tcps, for secure >> connections? >> s.connect("tcps://example.com:5555") > > No. It isn't. > >> Has anyone tried any of the above? I'd love to hear your experiences, >> and any issues with stability and/or performance. > > Martin > _______________________________________________ zeromq-dev mailing list [email protected] http://lists.zeromq.org/mailman/listinfo/zeromq-dev
