On Wed, 2018-02-14 at 00:17 -0500, John Lane Schultz wrote:
> Hi Luca,
>
> Thanks for the update. I was holding out hope that someone might
> have taken a crack at it already.
>
> Yes, TLS is a pretty complicated protocol that supports tons of
> different cipher suites and options. I certainly wouldn’t recommend
> reimplementing the protocol natively inside 0MQ.
>
> I’m just curious about how hard it would be for 0MQ to use (and
> expose) a D/TLS implementation instead of TCP / UDP?
>
> I’m guessing the primary obstacles would be dependence on an external
> D/TLS library (which maybe could be addressed with conditional
> compilation), how to have a simple 0MQ API that exposes the
> functionality / configurability of the D/TLS transport, and possibly
> objections to the security models (e.g. - X509 certs, CAs, HMAC then
> encrypt, etc.) of TLS itself.
>
> Thanks,
> John

We already support a number of optional transports that require
external libraries, like PGM and NORM, so that would not be a problem.
If anyone wants to implement it, they would be most welcome.

In terms of difficulty, plugging in a new transport is not simple
plug&play but neither is too hard - apart from the new mechanism
subclass, which should be not too difficult as the interface is fairly
small, it would need some changes in a few other places - with those we
can help eventually.

> On Feb 13, 2018, at 5:42 PM, Luca Boccassi <luca.bocca...@gmail.com>
> wrote:
>
> Hi,
>
> The situation is the same - security is only supported through Curve or
> Kerberos.
>
> Not for any particular reason if not that nobody has contributed any
> other implementation. This is probably due to the fact that SSL is
> awfully, awfully complex (but I understand your requirements.
>

--
Kind regards,
Luca Boccassi
_______________________________________________
zeromq-dev mailing list
zeromq-dev@lists.zeromq.org
https://lists.zeromq.org/mailman/listinfo/zeromq-dev