Hmm, the use of multiple security mechanisms was one thing we
considered and rejected when designing ZMTP 3.0. The problem is that
you would have to expand the message API to allow the reader to ask
the security level for each message. If you really want a PLAIN and a
CURVE mix, you can use two sockets. Allowing more than one mechanism
per socket makes _everything_ more complex and it's not clear that the
benefits are worth it.

I'd really like to get 4.0 released with a minimal plausible security
model, and expand on it later.

Also, if we did have multiple levels per socket, that would not change
ZAP. The server would just make multiple ZAP requests, one per
mechanism...

-Pieter

On Fri, Aug 23, 2013 at 7:44 PM, Jeremy Rossi <[email protected]> wrote:
> I have been spending some time with zeromq and zap. With this I am thinking
> about refactoring the libzmq zap / security code a little to add some
> features and solve a problem I have.
>
> I think we should be able to stack mechanisms, so that you are able to
> use ZMQ_CURVE and ZMQ_PLAIN on the same socket. This would allow secure
> transport of the username/password without having to manage the keys. Also,
> in my use case it would allow the zap provider to learn the public key of a
> client while still providing authentication for that learning process.
>
> To achieve this I think the ZAP frame generation and processing should be 
> moved to stream_engine.cpp and make calls into the mechanisms to gather the 
> needed information to send to zap endpoint.
>
> Figured I would start the chat before working on code and get some feedback.
>
>
> _______________________________________________
> zeromq-dev mailing list
> [email protected]
> http://lists.zeromq.org/mailman/listinfo/zeromq-dev
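
Added example, not part of the original thread and not libzmq's code: a minimal ZAP handler in Python that dispatches on the mechanism frame, so the same handler can serve a PLAIN socket and a CURVE socket, receiving one request per mechanism. The frame layout follows ZAP (ZeroMQ RFC 27) after the empty delimiter frame; the credential stores, names and status texts are constructed for illustration.

```python
import hmac

ZAP_VERSION = b"1.0"
# Constructed sample credential stores (assumptions for this example).
PLAIN_USERS = {b"alice": b"correct horse"}
CURVE_KEYS = {bytes(range(32)): b"alice-laptop"}


def zap_reply(request_id, code, text, user_id=b""):
    """Reply frames: version, request id, status code, status text, user id, metadata."""
    return [ZAP_VERSION, request_id, code, text, user_id, b""]


def handle_zap_request(frames):
    """Authenticate one ZAP request; the mechanism frame selects the check."""
    if len(frames) < 6 or frames[0] != ZAP_VERSION:
        request_id = frames[1] if len(frames) > 1 else b""
        # Using 500 for a malformed request is this example's choice.
        return zap_reply(request_id, b"500", b"Malformed or unsupported request")
    _version, request_id, _domain, _address, _identity, mechanism = frames[:6]
    credentials = frames[6:]

    if mechanism == b"PLAIN":
        if len(credentials) != 2:
            return zap_reply(request_id, b"400", b"PLAIN needs username and password")
        username, password = credentials
        expected = PLAIN_USERS.get(username)
        # Constant-time comparison; unknown users compare against a dummy value.
        ok = hmac.compare_digest(password, expected if expected is not None else b"\x00")
        if expected is not None and ok:
            return zap_reply(request_id, b"200", b"OK", username)
        return zap_reply(request_id, b"400", b"Invalid username or password")

    if mechanism == b"CURVE":
        if len(credentials) != 1 or len(credentials[0]) != 32:
            return zap_reply(request_id, b"400", b"CURVE needs a 32-byte public key")
        user_id = CURVE_KEYS.get(credentials[0])
        if user_id is not None:
            return zap_reply(request_id, b"200", b"OK", user_id)
        return zap_reply(request_id, b"400", b"Unknown client key")

    # NULL or any other mechanism is refused by this handler.
    return zap_reply(request_id, b"400", b"Mechanism not accepted")
```
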