On May 18, 2011, at 5:38 PM, Christian Martinez wrote:
> I see suggestions but no actual details.
>
> I have gotten management intrigued about using ZeroMQ but the security
> question is now coming up strong.
>
> Would love to hear real stories of folks who’ve implemented something.
>
> --CM
I think with high performance systems of this type, adding a security layer can
introduce inefficiencies/delays if done wrong, not to mention making the API
more complex for newbies.
By the way this is not uniquely ZMQ related - Same goes for UDT if you take a
look at section 18 of the spec (They mimic the same "security" as implemented
in TCP):
http://udt.sourceforge.net/doc/draft-gg-udt-03.txt
You would usually implement security at another layer entirely, one where the
IT guys know what they are doing (very fast VPN's, or just firewalls, etc. all
depending on the scenario of course). Or you do it at the software level with
encryption.
Personally, I see ZMQ, UDT and TCP as being in the same "family" of "products".
Just like SSL is at a higher layer, and runs over TCP/UDP, it can similarly run
over UDT and ZMQ, but it's up to you to implement it and encode the data prior
to transmission, and you better leave ZMQ out of it, keeping it simple for
those who use it in LAN environments, or those who simply couldn't care less
about security because their scenarios allow for that.
So I guess if you need security, Just use libssl and encrypt your data prior to
transmission, or get your IT to take care of the problem for you :-)
_______________________________________________
zeromq-dev mailing list
[email protected]
http://lists.zeromq.org/mailman/listinfo/zeromq-dev
