Hmm... so your problem is public key exchange. It's a fair problem but I think you can do this using ZAP as it stands today.
On Sat, Aug 24, 2013 at 2:50 PM, Brian Knox <[email protected]> wrote:
> +1 for minimal plausible security for 4.
>
> On 8/23/2013 5:21 PM, Pieter Hintjens wrote:
>> Hmm, the use of multiple security mechanisms was one thing we
>> considered and rejected when designing ZMTP 3.0. The problem is that
>> you would have to expand the message API to allow the reader to ask
>> the security level for each message. If you really want a PLAIN and a
>> CURVE mix, you can use two sockets. Allowing more than one mechanism
>> per socket makes _everything_ more complex and it's not clear that the
>> benefits are worth it.
>>
>> I'd really like to get 4.0 released with a minimal plausible security
>> model, and expand on it later.
>>
>> Also, if we did have multiple levels per socket, that would not change
>> ZAP. The server would just make multiple ZAP requests, one per
>> mechanism...
>>
>> -Pieter
>>
>> On Fri, Aug 23, 2013 at 7:44 PM, Jeremy Rossi <[email protected]> wrote:
>>> I have been spending some time with zeromq and zap. With this I am thinking
>>> about refactoring the libzmq zap / security code a little to add some
>>> features and solve a problem I have.
>>>
>>> I think we should be able to stack mechanisms. So that you are able to
>>> use ZMQ_CURVE and ZMQ_PLAIN on the same socket. This would allow secure
>>> transport of the username/password without having to manage the keys.
>>> Also in my use case would allow the zap provider to learn the public key of
>>> a client while still providing authentication for that learning process.
>>>
>>> To achieve this I think the ZAP frame generation and processing should be
>>> moved to stream_engine.cpp and make calls into the mechanisms to gather the
>>> needed information to send to zap endpoint.
>>>
>>> Figured I would start the chat before working on code and get some feedback.
>>>
>>> _______________________________________________
>>> zeromq-dev mailing list
>>> [email protected]
>>> http://lists.zeromq.org/mailman/listinfo/zeromq-dev
