This looks great Pieter. The lack of a good security mechanism has been a stumbling block for me in the past and I'm glad you have a good plan in place to address it. I'll admit though that I was a bit disappointed a couple weeks ago when I announced the proof-of-concept DTLS over ZMQ implementation. I was all excited about being able to contribute something useful to the project and then you come along with this vastly superior security initiative. Typical ;-)
I have one question about your currently proposed security mechanisms though. Have you considered adding Secure Remote Password (SRP) to that list? It requires the same end-user administrative overhead as PLAIN (traditional password-management issues) but additionally provides mutual authentication and encryption. It might serve as a good intermediate step between PLAIN and CURVE. If you're interested, there's a C implementation available at https://github.com/cocagne/csrp that's intended for direct inclusion into utilizing applications.

Tom

On Sun, Apr 14, 2013 at 6:35 AM, Pieter Hintjens <[email protected]> wrote:
> Hi all,
>
> I've published a draft of the ZMTP v3.0 protocol, and an article
> explaining the reasons and design decisions, see
> http://rfc.zeromq.org/spec:23 and http://hintjens.com/blog:39.
>
> Overall:
>
> * addition of SASL-style security mechanisms (NULL, PLAIN, CURVE, ...)
> * extensible connection metadata (socket type, identity, resource, ...)
>
> Critiques and comments welcome. At this stage we're not looking for
> new features, just to solve the biggest problems with the current
> protocol.
>
> Next steps: reference implementation (in C), and then implementation
> in libzmq, to give us a 3.3 version.
>
> -Pieter
> _______________________________________________
> zeromq-dev mailing list
> [email protected]
> http://lists.zeromq.org/mailman/listinfo/zeromq-dev
>
