On Mon, Jan 19, 2015 at 2:41 PM, André Caron <[email protected]> wrote:
> If a peer is rejected by curve authentication, does ZMQ automatic
> reconnection still work (and will it successfully connect once the "server"
> receives the public key)?

This is the part I'm not happy with. The client side used to retry. However that is pathological in normal cases and so now it doesn't any more.

What I'd suggested was rather to use the certificate server live, for authentication. This is easy enough using ZAP. There's an example in the reference implementation for the ZAP spec, see https://github.com/zeromq/rfc/blob/master/src/spec_27.c

This adds a little latency to connections. Your ZAP handler could trivially cache certificates so that this only hits the first time.

Such a directory manager is a missing piece of the security puzzle.

-Pieter
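Added example, not part of the original message and not ZeroMQ project code: a frame-level sketch of the caching ZAP handler suggested above, following the ZAP 1.0 (RFC 27) request and reply layout for the CURVE mechanism. The class name, the `directory_lookup` callable (standing in for the certificate server) and the TTL are assumptions; frames are passed in as plain lists rather than read from the `inproc://zeromq.zap.01` socket so the block runs without libzmq.

```python
import time

ZAP_VERSION = b"1.0"


class CachingZapHandler:
    """Answers ZAP requests for CURVE, caching keys the directory accepted."""

    def __init__(self, directory_lookup, ttl=300.0, clock=time.monotonic):
        # Assumption: directory_lookup(public_key) returns a user id (bytes)
        # for a known key and None for an unknown one.
        self._lookup = directory_lookup
        self._ttl = ttl
        self._clock = clock
        self._cache = {}  # public key -> (user id, expiry time)

    def handle(self, frames):
        """Take the frames of one ZAP request and return the reply frames."""
        # Request: version, request id, domain, address, identity,
        # mechanism, then credentials (CURVE: one 32-byte public key).
        if len(frames) < 6 or frames[0] != ZAP_VERSION:
            request_id = frames[1] if len(frames) > 1 else b""
            return self._reply(request_id, b"500", b"Malformed ZAP request")
        request_id, mechanism, creds = frames[1], frames[5], frames[6:]
        if mechanism != b"CURVE" or len(creds) != 1 or len(creds[0]) != 32:
            return self._reply(request_id, b"400", b"CURVE public key required")
        user_id = self._authorize(creds[0])
        if user_id is None:
            return self._reply(request_id, b"400", b"Unknown public key")
        return self._reply(request_id, b"200", b"OK", user_id)

    def _authorize(self, key):
        now = self._clock()
        hit = self._cache.get(key)
        if hit is not None and hit[1] > now:
            return hit[0]  # served from cache, no directory round trip
        self._cache.pop(key, None)  # drop an expired entry, if any
        user_id = self._lookup(key)
        # Only acceptances are cached: a rejected key is looked up again on
        # the next attempt, so it is accepted once the directory learns it.
        if user_id is not None:
            self._cache[key] = (user_id, now + self._ttl)
        return user_id

    @staticmethod
    def _reply(request_id, status, text, user_id=b""):
        # Reply: version, request id, status code, status text, user id, metadata.
        return [ZAP_VERSION, request_id, status, text, user_id, b""]
```

The TTL bounds how long a key that has been removed from the directory keeps being accepted from the cache.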
