On 11/02/10 23:40, MinRK wrote:
>
> Thanks for all the notes, they will be very helpful in codes that use
> the EncryptedSocket. Note that all of the schemes you propose are
> fully supported by the EncryptedSocket, in that the *user* tells the
> EncryptedSocket how to encrypt/decrypt messages. We haven't programmed
> any encryption, and certainly wouldn't roll our own. We simply present
> an object that allows users to conveniently use the encryption scheme
> they have chosen, regardless of how good or bad it may be.
>

i'll reiterate my points one last time, because i get the impression that i still am not communicating them properly:

1) i did not say EncryptedSocket did not support such-and-such encryption scheme.

2) i am against it because it doesn't belong in pyzmq, but in whatever serialization protocol you're using. if the protocol doesn't support security, it's time to switch to one that does, instead of implementing hacks over other hacks. that's because proper serialization protocols will let you distinguish and switch between various levels of cryptographic security transparently, which in turn will let you have performance advantages by using cryptography only when it's needed.

3) i'm against it because it doesn't promote the right way of doing things. that's a direct consequence of the above.

4) if indeed you use it, be sure to adopt a verification scheme like hmac, because a single bit flip inside a chain-encrypted byte-stream will have disastrous consequences for your data, especially when it's binary.

5) my spending all this time explaining to you the consequences of your actions has absolutely zero tangible benefit to me. i don't care if you keep EncryptedSocket inside pyzmq because you've taken care to make it unobtrusive -- it doesn't interfere with my use case at all. so this is not a "strong demand" or anything to do my bidding. do whatever floats your boat.

i certainly hope we are on the same page now.

burak

_______________________________________________
zeromq-dev mailing list
[email protected]
http://lists.zeromq.org/mailman/listinfo/zeromq-dev
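
The verification step from point 4, sketched as an added example that is not part of the original message or of pyzmq: each frame carries an HMAC over nonce plus ciphertext, and the receiver checks it before decrypting. The names `seal`, `open_sealed`, `flip_bit` and `toy_cipher` are hypothetical, and `toy_cipher` is a constructed stand-in for whatever cipher the user supplies, present only so the example runs offline.

```python
import hashlib
import hmac
import os

TAG_LEN = 32  # HMAC-SHA256 output size in bytes

def toy_cipher(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Constructed stand-in for the user's cipher (SHA-256 keystream XOR).
    Only here so the example runs offline; use a vetted cipher in practice."""
    stream = b""
    counter = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(enc_key: bytes, mac_key: bytes, plaintext: bytes) -> bytes:
    """Encrypt, then append an HMAC over nonce + ciphertext."""
    nonce = os.urandom(16)
    body = nonce + toy_cipher(enc_key, nonce, plaintext)
    tag = hmac.new(mac_key, body, hashlib.sha256).digest()
    return body + tag

def open_sealed(enc_key: bytes, mac_key: bytes, frame: bytes) -> bytes:
    """Verify the HMAC first; decrypt only if the frame is intact."""
    if len(frame) < 16 + TAG_LEN:
        raise ValueError("frame too short")
    body, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
    expected = hmac.new(mac_key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):  # constant-time comparison
        raise ValueError("HMAC mismatch: frame corrupted or tampered")
    return toy_cipher(enc_key, body[:16], body[16:])

def flip_bit(frame: bytes, byte_index: int, bit: int = 0) -> bytes:
    """Return a copy of frame with one bit flipped (simulated corruption)."""
    damaged = bytearray(frame)
    damaged[byte_index] ^= 1 << bit
    return bytes(damaged)

if __name__ == "__main__":
    enc_key, mac_key = os.urandom(32), os.urandom(32)  # separate keys per purpose
    frame = seal(enc_key, mac_key, b"\x80\x04binary payload")  # constructed sample
    print(open_sealed(enc_key, mac_key, frame))
    try:
        open_sealed(enc_key, mac_key, flip_bit(frame, 20))
    except ValueError as exc:
        print("rejected:", exc)
```

Without the tag check, the same flipped bit would decrypt without any error and hand altered bytes to the deserializer.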
