Hello all,

I've been working on a secure peer to peer, tag labelled PUB/SUB system with permission using SQLite and ZMQ on and off for a while (https://github.com/charlesrwest/societyOfMachines). One issue I am still working out is the best way to do NAT proxies without breaking security.

The simple way to act as a proxy would be just to make a ZMQ socket on each side and forward the data. The problem with that is that this would require the data to be unencrypted on one side, copied and re-encrypted. This both introduces overhead and allows the proxy to snoop (bad for general principles). An ideal way of dealing with it would be to do direct TCP rerouting, but that would require the TCP segments coming in and out of the proxy's client to have IP in IP encapsulation.

If I may ask, is there any way to apply IP in IP encapsulation to the packets sent by ZMQ sockets? Alternatively, do you guys know of a better way to make a proxy that can't snoop on the encrypted data?

Thanks,
Charlie West
_______________________________________________
zeromq-dev mailing list
zeromq-dev@lists.zeromq.org
http://lists.zeromq.org/mailman/listinfo/zeromq-dev
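A proxy of the kind the message asks about can work at the byte level: a relay that splices two TCP connections forwards whatever the peers send and never holds a key. The Python below is an added example, not code from the original post or the societyOfMachines project; it assumes the peers run their own encryption end to end over one TCP stream, and `pump`, `serve_relay`, `demo` and the loopback echo peer are hypothetical names.

```python
import socket
import threading

def pump(src, dst):
    """Copy raw bytes one way until src closes; never parses or decrypts."""
    try:
        while (chunk := src.recv(4096)):
            dst.sendall(chunk)
    except OSError:
        pass
    finally:
        try:
            dst.shutdown(socket.SHUT_WR)  # propagate the half-close onward
        except OSError:
            pass

def serve_relay(listener, upstream_addr):
    """Accept clients and splice each one to upstream_addr at the TCP level."""
    while True:
        try:
            client, _ = listener.accept()
        except OSError:
            return  # listener was closed
        upstream = socket.create_connection(upstream_addr)
        for a, b in ((client, upstream), (upstream, client)):
            threading.Thread(target=pump, args=(a, b), daemon=True).start()

def demo():
    """Round-trip constructed 'ciphertext' through the relay to an echo peer."""
    peer = socket.create_server(("127.0.0.1", 0))  # stands in for the remote peer

    def echo():
        conn, _ = peer.accept()
        pump(conn, conn)  # send back whatever arrives

    threading.Thread(target=echo, daemon=True).start()
    listener = socket.create_server(("127.0.0.1", 0))
    threading.Thread(target=serve_relay,
                     args=(listener, peer.getsockname()), daemon=True).start()

    ciphertext = bytes(range(256)) * 4  # constructed sample, opaque to the relay
    with socket.create_connection(listener.getsockname()) as c:
        c.sendall(ciphertext)
        c.shutdown(socket.SHUT_WR)
        received = b""
        while (chunk := c.recv(4096)):
            received += chunk
    listener.close()
    peer.close()
    return ciphertext, received
```

A relay like this still sees connection metadata (endpoints, timing, message sizes) and can drop or delay traffic, so the peers must authenticate each other inside the encrypted stream rather than trust the relay's address.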