On Thu, May 19, 2011 at 8:29 AM, Martin Sustrik <[email protected]> wrote:
> As a side note: end-to-end encryption seems to be the only solution for
> large scale pub/sub networks with untrusted middle nodes (devices).

Not just for pub/sub but for any pattern, IMO. If you do request-reply across a broker, you don't want the broker decrypting and re-encrypting content.

The problem here is that any smart device needs access to at least part of the message for filtering and/or routing. So encryption has to be selective, it can't happen at the 0MQ transport layer.

If you disallow devices and do point-to-point messaging, you can envisage transport layer security.

So cutting out the philosophy, we have two known solutions for security. One is per-message encryption with out-of-band key distribution, which is ideal for pubsub flows over TCP or PGM. Salt proves this design.

Second option is bridging over HTTPS, for Internet-scale distribution. There are at least two or three such projects in progress, though they may still be at the HTTP stage (without the SSL parts yet).

-Pieter
_______________________________________________
zeromq-dev mailing list
[email protected]
http://lists.zeromq.org/mailman/listinfo/zeromq-dev
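
The per-message encryption design described in the message above, as an added sketch that is not code from the thread, 0MQ or Salt: the topic frame stays in cleartext so an untrusted device can filter on it, while the body is encrypted and the topic is authenticated under a key shared out of band. The four-frame layout, the function names and the stdlib HMAC-SHA256 encrypt-then-MAC construction (standing in for a vetted AEAD such as AES-GCM) are assumptions.

```python
import hashlib, hmac, os, struct

def _prf(key, data):
    return hmac.new(key, data, hashlib.sha256).digest()

def _keystream(key, nonce, n):
    # HMAC-SHA256 in counter mode; assumed stand-in for a real AEAD cipher.
    blocks = (_prf(key, nonce + struct.pack(">Q", i)) for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]

def _xor(data, stream):
    return bytes(a ^ b for a, b in zip(data, stream))

def _mac_input(topic, nonce, ct):
    # Length-prefix the topic so frame boundaries cannot be shifted.
    return struct.pack(">I", len(topic)) + topic + nonce + ct

def seal(master, topic, body):
    """Publisher: build frames [topic, nonce, ciphertext, tag]."""
    enc, mac = _prf(master, b"enc"), _prf(master, b"mac")
    nonce = os.urandom(16)  # fresh per message
    ct = _xor(body, _keystream(enc, nonce, len(body)))
    return [topic, nonce, ct, _prf(mac, _mac_input(topic, nonce, ct))]

def forward(frames, subscription):
    """Untrusted device: prefix filter on the cleartext topic, holds no key."""
    return frames if frames[0].startswith(subscription) else None

def unseal(master, frames):
    """Subscriber: verify topic and body together, then decrypt."""
    topic, nonce, ct, tag = frames
    enc, mac = _prf(master, b"enc"), _prf(master, b"mac")
    if not hmac.compare_digest(tag, _prf(mac, _mac_input(topic, nonce, ct))):
        raise ValueError("authentication failed")
    return topic, _xor(ct, _keystream(enc, nonce, len(ct)))

if __name__ == "__main__":
    key = bytes(range(32))  # constructed sample key, distributed out of band
    msg = seal(key, b"weather.prague", b"temp=21")  # constructed sample message
    print(forward(msg, b"stocks."))                 # dropped by the device
    print(unseal(key, forward(msg, b"weather.")))   # delivered and decrypted
    msg[0] = b"weather.berlin"                      # device rewrites the topic
    try:
        unseal(key, msg)
    except ValueError as e:
        print("rejected:", e)
```

Because the tag covers the cleartext topic, a middle node can read and match the routing frame but cannot alter it or the body without the subscriber detecting it.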
