Hi Greg,

As far as I know, encryption is per socket. So you can have one context,
and in this context, one CURVE socket for the wild, and one NULL socket
for your homeland.

Laurent

On 31/03/2014 21:12, Greg Ward wrote:
Hi all --

I'm helping maintain a ZeroMQ-based system that currently uses a
homebrew cryptosystem on top of libzmq 3.2.4. Obviously I'd like to
upgrade to curve and libzmq 4. While I'm doing that, I'd like to
change it so that only untrusted connections (across the Internet) are
subject to encryption and authentication. Connections within our data
center do not need the overhead.

My understanding is that encryption/authentication is per-context, so
the server process that talks to both remote hosts (across the
Internet) and local hosts (inside our data center) would need *two*
contexts. Is this correct?

My rationale, incidentally, is twofold: 1) reduce administrative
overhead, 2) reduce latency. Of course we need to maintain keys and
certificates for the hosts that we talk to out there on the Internet,
but it's annoying that we have to maintain them for hosts inside our
data center. I'd like to get rid of that. I also want to ditch the
overhead (network and CPU) of crypto + authentication when we don't
need it. Not sure how big a factor that is with libzmq 4, but it's
definitely a factor with our current homebrew cryptosystem.

Greg
_______________________________________________
zeromq-dev mailing list
[email protected]
http://lists.zeromq.org/mailman/listinfo/zeromq-dev
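
The per-socket setup described in the reply above, as an added example that is not part of the original thread or the posters' code. It assumes pyzmq built with CURVE support; the function name `demo`, the loopback addresses and the throwaway keypairs are constructed for illustration.

```python
import zmq

def demo():
    """One context, two server sockets: CURVE for remote peers, NULL for local."""
    ctx = zmq.Context()
    server_pub, server_sec = zmq.curve_keypair()  # constructed throwaway keys
    client_pub, client_sec = zmq.curve_keypair()

    # Internet-facing socket: CURVE server role, needs only its own secret key.
    wan = ctx.socket(zmq.REP)
    wan.curve_server = True
    wan.curve_secretkey = server_sec
    wan_port = wan.bind_to_random_port("tcp://127.0.0.1")

    # Data-center socket in the SAME context: no security options set -> NULL.
    lan = ctx.socket(zmq.REP)
    lan_port = lan.bind_to_random_port("tcp://127.0.0.1")

    # Remote peer: must know the server's public key and hold its own keypair.
    remote = ctx.socket(zmq.REQ)
    remote.curve_serverkey = server_pub
    remote.curve_publickey = client_pub
    remote.curve_secretkey = client_sec
    remote.connect(f"tcp://127.0.0.1:{wan_port}")

    # Local peer: plain connection, no keys to manage.
    local = ctx.socket(zmq.REQ)
    local.connect(f"tcp://127.0.0.1:{lan_port}")

    replies = []
    for client, server in ((remote, wan), (local, lan)):
        client.send(b"ping")
        if not server.poll(2000):
            raise RuntimeError("request never arrived (handshake failed?)")
        server.send(server.recv() + b"/pong")
        if not client.poll(2000):
            raise RuntimeError("reply never arrived")
        replies.append(client.recv())

    # The negotiated mechanism is a property of each socket, not the context.
    mechanisms = (wan.getsockopt(zmq.MECHANISM), lan.getsockopt(zmq.MECHANISM))
    for s in (remote, local, wan, lan):
        s.close(linger=0)
    ctx.term()
    return mechanisms, replies

if __name__ == "__main__":
    print(demo())
```

No ZAP handler is installed here, so the CURVE socket encrypts traffic but accepts any client key; restricting which clients may connect requires an authenticator such as the one in `zmq.auth`. The NULL socket should be bound only to an interface that is unreachable from the Internet.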