On Fri, Jun 10, 2011 at 9:50 AM, Martin Sustrik <[email protected]> wrote:
> On 06/09/2011 01:14 PM, Pieter Hintjens wrote: > > > I've posted a draft proposal for secure pubsub, here: > > http://www.zeromq.org/topics:pubsub-security > > One interesting question is what if the subscribers are literally > "subscribers" ie. paying for getting the feed. Once the subscription is > not renewed they shouldn't be able to decrypt the messages. > > Martin > _______________________________________________ > zeromq-dev mailing list > [email protected] > http://lists.zeromq.org/mailman/listinfo/zeromq-dev > Sorry gents, I have had a LOT on my plate lately, I need to carefully look over this spec more. The idea is that if the master sends a publication that the minion can't decrypt, meaning the "feed" stopped, or changed, (aka, the AES key changed) then the minion re authenticates to get the current AES key, hence coming back to the crew so to speak. The concern with DOS attacks is also addressed here, if the second authentication returns a key that cannot decrypt the publication, or the second authentication fails. Then the minion assumes that the master has been compromised and shuts down. I agree with Pieter, and intend to build it in, that the master AES key is rotated on a configurable basis. This forcing regular re-authentication. But I think that should stay configurable, some deployments might not see the value. -Thomas S Hatch
_______________________________________________ zeromq-dev mailing list [email protected] http://lists.zeromq.org/mailman/listinfo/zeromq-dev
