On Wed, Aug 7, 2013 at 4:15 PM, Laurent Alebarde <[email protected]> wrote:
> Which RFC is implemented (26)? Partially or totally?

* RFC 23, except commands.
* RFC 24, 25, 26, 27, 28, 29, 30, 31, and 32 fully.

> Do we have both sides authentication today or not?

Yes, client always authenticates server by setting socket option, and
server optionally authenticates clients by using ZAP plugin.

> In RFC26, § Overall Operation of CurveZMQ, it looks like the server actually
> authenticates the client from its long term public key from the INITIATE
> command, but there is no point where the client authenticates the server from
> its long term public key.

If the client uses the wrong server key, it cannot send a valid HELLO
command, and it cannot read the WELCOME command. The server does not
send its long term public key - the client MUST already have this.

> Can the same server long term public key be used for many clients (I assume
> yes from my understanding)?

Yes.

> That's the long term public keys which are used for authentication and
> therefore shall be known by the other end-point, so transmitted by other
> means.

Yes.

> How does this CurveZMQ authentication mechanism compare with https
> certificates?

There's no certificate authority. Long term keys are exchanged in
advance. It means two peers can connect securely even if they don't
have full Internet access.

-Pieter
