Thank you Pieter !

Le 13/09/2013 13:30, Pieter Hintjens a écrit :
Libzmq and libcurve were being written at the same time, so duplicate
all the code used to implement CurveZMQ. One is C++, one is C.

Libzmq assumes tcp:// as the transport and ties its CURVE security
into connection negotiation as required by the ZMTP protocol.

Libcurve's curve_codec class does not assume any specific transport
and could work over anything that provides an addressable transport
(so not PUB-SUB or PUSH-PULL, but ROUTER-DEALER, HTTP, even email.)

Libcurve's curve_client and curve_server classes are pseudo-sockets
that actually do full I/O over ZMQ. The use case for these is
end-to-end privacy across untrusted servers. I'll show this later with
examples but it's far beyond what anyone needs today.

So in conclusion:

* if you want CURVE security in normal ZMQ apps, use libzmq master
(and soon, 4.0)
* If you want to make CurveZMQ work across arbitrary other transports,
you may enjoy libcurve

And finally, there is scope for extracting the CURVE encoding/decoding
from libzmq and making a pure C codec that is used both in libzmq and
libcurve. If anyone feels like it...

-Pieter



On Fri, Sep 13, 2013 at 1:03 PM, Laurent Alebarde <[email protected]> wrote:
Great article. Thank you Pieter.

Could you please elaborate a little more onto libcurve and libzmq/CURVE
"works at a different level" ? How do they compare exactly ?

Cheers,


Laurent.


Le 13/09/2013 11:58, Pieter Hintjens a écrit :

On Fri, Sep 13, 2013 at 11:02 AM, Laurent Alebarde <[email protected]>
wrote:

Shall I understand that CURVE in libzmq implements the same functionalities
as libcurve, but in C++ and fully integrated to libzmq ? Do we inherit
directly of all the available transports (DEALER/ROUTER, STREAM, REQ/REP,
etc) ? And multi-clients management ?

Yes, that's right. I'm writing this up, here's the latest article:
http://hintjens.com/blog:48

In multi-client, the server uses the same long term key-pair for all
clients, and a dedicated short term key-pair for each socket initialisation
? In my understanding, but I have not yet reviewed the libzmq code, there is
one codec per client, them one short term key-pair per client ?

Yes, indeed.

-Pieter
_______________________________________________
zeromq-dev mailing list
[email protected]
http://lists.zeromq.org/mailman/listinfo/zeromq-dev



_______________________________________________
zeromq-dev mailing list
[email protected]
http://lists.zeromq.org/mailman/listinfo/zeromq-dev

_______________________________________________
zeromq-dev mailing list
[email protected]
http://lists.zeromq.org/mailman/listinfo/zeromq-dev

_______________________________________________
zeromq-dev mailing list
[email protected]
http://lists.zeromq.org/mailman/listinfo/zeromq-dev

Reply via email to