Hi,

As original poster, I think I did a poor job of clarifying exactly what we are seeking feedback on. Let me attempt that now and summarize where we are at in our collective thinking on this issue....

1. Is the EncryptedSocket interface that Min has prototyped in his branch a good plugin interface for users to add message-based encryption of their choice? I think that once everyone understood that Min's prototype leaves the choice of cryptographic approach up to the user, they became more comfortable with the design. It does not pick or enforce a particular encryption approach. But one valid point made is that the interface does not force users of pyzmq to handle encryption in a correct manner. They might do it well, or they might do something very insecure. This is important...

2. Is the idea of message-based security worth pursuing? I think Min's recent email summarizes the differences between message-based and transport-based security:

   Transport: encrypt/decrypt happen at each zmq hop
   Message: only decrypt at endpoints (big deal for many relay hops)
   Transport: always encrypt everything
   Message: can encrypt only the sensitive subset of traffic

3. What type of cryptographic approach is appropriate for message-based security? Baruk has made the excellent point that data integrity and authenticity is important in addition to data privacy. I heartily agree with this. Another way of saying this is that if your application and data stream is sensitive to data corruption (malicious or not), you can't just encrypt the data. You also need to compute message authentication codes using a keyed hash function (HMAC). I tried to make the point that this is true whether a data stream is encrypted or not. This last point is important and is worth stopping to emphasize:

   * If you are using zeromq to send messages that CANNOT be corrupted in any way, you MUST do something to ensure message integrity and authenticity.

   Baruk has proposed that a suitable approach is to use HMAC (for message authenticity+validation) along with something like AES for encryption. This is useful if key exchange/distribution can be handled by an external protocol. PGP should also be looked at.

Is this a good summary? I have one other question: What vulnerabilities remain if message-based HMAC + AES security is used? In my mind, the main issue becomes how to distribute/exchange keys.

Cheers,

Brian

--
Brian E. Granger, Ph.D.
Assistant Professor of Physics
Cal Poly State University, San Luis Obispo
[email protected]
[email protected]

_______________________________________________
zeromq-dev mailing list
[email protected]
http://lists.zeromq.org/mailman/listinfo/zeromq-dev
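The "HMAC + AES" message-based scheme discussed in this thread, shown as an added example that is not part of the thread, of Min's EncryptedSocket branch, or of pyzmq itself. It assumes the `cryptography` package for AES-CTR and uses the standard-library `hmac` module for the MAC. The envelope is encrypt-then-MAC: the tag covers an optional cleartext header (e.g. a PUB/SUB topic), the nonce and the ciphertext, so a relay hop that forwards the bytes unchanged is fine, while any flipped bit is rejected at the endpoint before decryption is attempted. The shared master key is assumed to arrive via the external key-distribution protocol the post leaves open; the function and label names are this example's own.

```python
"""Encrypt-then-MAC message envelope for a zeromq message body.

Layout of a sealed message:  nonce (16) || ciphertext || tag (32)
The MAC covers len(header) || header || nonce || ciphertext, so the
header can travel in the clear (a subscription topic, for example)
but still cannot be swapped without invalidating the tag.
"""
import hashlib
import hmac
import os
import struct

# Assumed dependency: pip install cryptography
from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes

NONCE_LEN = 16   # AES block size; CTR counter block
TAG_LEN = 32     # HMAC-SHA256 output


def derive_keys(master_key: bytes):
    """Derive independent encryption and MAC keys from one shared secret.

    Using the same key for AES and HMAC is a classic mistake; deriving two
    keys with distinct labels keeps the primitives isolated. The labels are
    this example's own constants, not a pyzmq convention.
    """
    enc_key = hmac.new(master_key, b"example-enc-key", hashlib.sha256).digest()
    mac_key = hmac.new(master_key, b"example-mac-key", hashlib.sha256).digest()
    return enc_key, mac_key


def _mac(mac_key: bytes, header: bytes, nonce: bytes, ciphertext: bytes) -> bytes:
    # Length-prefix the header so (header, nonce||ct) boundaries are unambiguous.
    data = struct.pack(">I", len(header)) + header + nonce + ciphertext
    return hmac.new(mac_key, data, hashlib.sha256).digest()


def seal_message(master_key: bytes, plaintext: bytes, header: bytes = b"") -> bytes:
    """Encrypt plaintext with AES-256-CTR, then authenticate with HMAC-SHA256."""
    enc_key, mac_key = derive_keys(master_key)
    nonce = os.urandom(NONCE_LEN)           # fresh per message; never reuse with CTR
    encryptor = Cipher(algorithms.AES(enc_key), modes.CTR(nonce)).encryptor()
    ciphertext = encryptor.update(plaintext) + encryptor.finalize()
    tag = _mac(mac_key, header, nonce, ciphertext)
    return nonce + ciphertext + tag


def open_message(master_key: bytes, envelope: bytes, header: bytes = b"") -> bytes:
    """Verify the tag first; only a message that authenticates is decrypted.

    Raises ValueError on any tampering, truncation, header mismatch or wrong key.
    """
    if len(envelope) < NONCE_LEN + TAG_LEN:
        raise ValueError("envelope too short")
    enc_key, mac_key = derive_keys(master_key)
    nonce = envelope[:NONCE_LEN]
    ciphertext = envelope[NONCE_LEN:-TAG_LEN]
    tag = envelope[-TAG_LEN:]
    expected = _mac(mac_key, header, nonce, ciphertext)
    # Constant-time comparison: a plain == would leak tag bytes via timing.
    if not hmac.compare_digest(tag, expected):
        raise ValueError("message authentication failed")
    decryptor = Cipher(algorithms.AES(enc_key), modes.CTR(nonce)).decryptor()
    return decryptor.update(ciphertext) + decryptor.finalize()


def relay_hop(envelope: bytes) -> bytes:
    """A forwarding hop in the zmq topology: it has no key and just passes bytes on.

    Message-based security means this hop never decrypts, which is the
    'only decrypt at endpoints' property contrasted with transport security.
    """
    return bytes(envelope)


def authenticates(master_key: bytes, envelope: bytes, header: bytes = b"") -> bool:
    """Convenience predicate: True iff the envelope passes HMAC verification."""
    try:
        open_message(master_key, envelope, header)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    # Constructed demo values; a real master key comes from the key-exchange protocol.
    master = hashlib.sha256(b"demo shared secret").digest()
    sealed = seal_message(master, b"account balance: 42", header=b"ledger")
    forwarded = relay_hop(sealed)
    print(open_message(master, forwarded, header=b"ledger"))
    corrupted = bytearray(forwarded)
    corrupted[NONCE_LEN + 3] ^= 0x01          # one bit flipped in transit
    print("tampered copy authenticates:", authenticates(master, bytes(corrupted), b"ledger"))
```

Note what this does and does not cover: integrity and confidentiality of each message between two holders of the master key, with the header authenticated but visible. It does not provide replay protection (a sequence number inside the authenticated data would), and, exactly as the post says, it does nothing about how the master key gets to both endpoints in the first place.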
