On Sat, Oct 20, 2012 at 2:16 PM, Merijn Verstraaten <[email protected]> wrote:
> This works, but is inconvenient when group membership is transient
> (requires rekey-ing all subscribers after one client leaves the group). So
> after some thinking I started considering handling subscription server side
> too.

I was actually chatting with someone about this the other day. One way to approach it is to have the message data encrypted with a certain key, which rotates occasionally (this is a tunable bit, but could be on new subscription for example, or after a time period). This key itself is encrypted multiple times, under client-specific codes, which are broadcast when the rotation happens (or could be an OOB side channel exchange). Of course there's a question of number of clients, tradeoffs with frequency of change versus data overhead, but you get a good level of security that you can tune appropriately.

Ian
_______________________________________________
zeromq-dev mailing list
[email protected]
http://lists.zeromq.org/mailman/listinfo/zeromq-dev
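The scheme described in the reply above, sketched as an added example that is not part of the original thread and not ZeroMQ code: a rotating group key protects message data, and each rotation wraps that key once per current subscriber. The names `Seal`, `Open` and `Rotate`, the choice of AES-256-GCM, and the pre-shared 32-byte client keys are assumptions made for this illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

func must[T any](v T, err error) T { // panics on a bad key length or CSPRNG failure
	if err != nil {
		panic(err)
	}
	return v
}

func randBytes(n int) []byte { // n bytes from the OS CSPRNG
	b := make([]byte, n)
	must(rand.Read(b))
	return b
}

// Seal encrypts pt with AES-256-GCM under key and prepends the random 12-byte nonce.
func Seal(key, pt []byte) []byte {
	nonce := randBytes(12)
	return must(cipher.NewGCM(must(aes.NewCipher(key)))).Seal(nonce, nonce, pt, nil)
}

// Open reverses Seal; it fails on a wrong key or modified ciphertext.
func Open(key, ct []byte) ([]byte, error) {
	if len(ct) < 12 {
		return nil, fmt.Errorf("ciphertext too short")
	}
	return must(cipher.NewGCM(must(aes.NewCipher(key)))).Open(nil, ct[:12], ct[12:], nil)
}

// Rotate draws a new group key and wraps it under each current subscriber's key.
func Rotate(clients map[string][]byte) (groupKey []byte, wrapped map[string][]byte) {
	groupKey, wrapped = randBytes(32), map[string][]byte{}
	for id, clientKey := range clients {
		wrapped[id] = Seal(clientKey, groupKey)
	}
	return groupKey, wrapped
}

func main() {
	alice, bob := randBytes(32), randBytes(32)              // constructed client keys
	_, wrapped := Rotate(map[string][]byte{"alice": alice}) // rotation after bob left
	fmt.Println(Open(bob, wrapped["alice"]))                // bob's key fails on alice's copy
}
```

Each wrapped copy is 60 bytes (12-byte nonce, 32-byte key, 16-byte tag), which is the per-client broadcast overhead the reply weighs against rotation frequency.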
