Hi Pieter,

I need your insight, please, on the authentication mechanisms. Are these two assertions correct?

In s_produce_welcome, you comment (l 544) that you safely generate a transient keypair, since the Client is authenticated; this is performed with Box [64 * %x0](C'->S), which proves the Client knows S.

Then, we have the ZAP authentication in s_process_initiate: s_authenticate_peer (self) (l 693). This is a second stage of authentication, here based on a valid C provided by the Client, and known by the Server by other means. In zap_authenticator (l 1034), you comment: Rest of request contains client public key. So if we want this authentication based on C, we would compare the received key with the known one. We could also use any authentication algorithm as you present it in the ZAP RFC.


Cheers,


Laurent.
_______________________________________________
zeromq-dev mailing list
[email protected]
http://lists.zeromq.org/mailman/listinfo/zeromq-dev
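
The key comparison described in the message above, as an added example that is not part of the original post and is not code from the project under discussion. It assumes the ZAP request for the CURVE mechanism carries the client's 32-byte public key C as its credentials and that the reply uses ZAP status codes "200" (accept) and "400" (authentication failure); `zap_curve_check`, `key_equal` and `KNOWN_KEYS` are hypothetical names, and the keys are constructed sample values.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define CURVE_KEY_LEN 32   /* size of a CURVE public key in bytes */

/* Constructed sample allow-list of client public keys (not real keys);
   bytes not listed are zero. */
static const unsigned char KNOWN_KEYS[2][CURVE_KEY_LEN] = {
    { 0xA1, 0xB2, 0x01 },
    { 0xC3, 0xD4, 0x02 },
};

/* Compare two keys without an early exit, so the time taken does not
   reveal how many leading bytes of a guessed key were correct. */
static int key_equal(const unsigned char *a, const unsigned char *b)
{
    unsigned char diff = 0;
    for (size_t i = 0; i < CURVE_KEY_LEN; i++)
        diff |= (unsigned char)(a[i] ^ b[i]);
    return diff == 0;
}

/* Hypothetical helper: decide the ZAP status code for one request.
   mechanism and cred are the mechanism and credentials of the request. */
const char *zap_curve_check(const char *mechanism,
                            const unsigned char *cred, size_t cred_len,
                            const unsigned char allowed[][CURVE_KEY_LEN],
                            size_t n_allowed)
{
    /* Reject anything that is not a well-formed CURVE credential. */
    if (mechanism == NULL || strcmp(mechanism, "CURVE") != 0)
        return "400";
    if (cred == NULL || cred_len != CURVE_KEY_LEN)
        return "400";
    /* Scan the whole list; do not stop at the first match. */
    int match = 0;
    for (size_t i = 0; i < n_allowed; i++)
        match |= key_equal(cred, allowed[i]);
    return match ? "200" : "400";
}

int main(void)
{
    unsigned char unknown[CURVE_KEY_LEN] = { 0xEE };   /* constructed */
    printf("known key:   %s\n", zap_curve_check("CURVE", KNOWN_KEYS[1], CURVE_KEY_LEN, KNOWN_KEYS, 2));
    printf("unknown key: %s\n", zap_curve_check("CURVE", unknown, CURVE_KEY_LEN, KNOWN_KEYS, 2));
    return 0;
}
```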
