Hi Pieter,

Very nice and great job! Thanks.

One question, please: in the Iron House, does the authenticator use some metadata to open the right client's certificate directly, or does it try every one until it finds a match?

To be more clear on what I have in mind, let's consider a possible solution: the client generates its certificate with some metadata, the public part is transmitted to the server, which checks that this metadata is unique in its store or rejects the certificate and asks for new metadata (this process is off libzmq). The server uses this metadata as the client's certificate file name in its store. When the client connects, it sends this metadata to the server in the CURVE handshake, so that the server can access the right certificate directly.

Otherwise, if we have thousands of certificates and a lot of clients connecting together, we may have a race. I don't know what the criticality is here.

Cheers,


Laurent.
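An added illustration of the direct-lookup design discussed above (example code, not from this thread, libzmq or CZMQ): the ZAP request that the CURVE mechanism hands to the authenticator already carries the client's 32-byte public key as its credentials frame, so a store keyed by that key (Z85-encoded, the form certificate files use) finds the right certificate in one hash lookup, with no scan over every certificate and no extra metadata. Keys and request frames below are constructed; the frame layout follows the ZAP protocol (RFC 27), and the function names are this example's own.

```python
# Minimal ZAP (RFC 27) handler modelled as pure functions, so it runs offline.
Z85_CHARS = ("0123456789abcdefghijklmnopqrstuvwxyz"
             "ABCDEFGHIJKLMNOPQRSTUVWXYZ.-:+=^!/*?&<>()[]{}@%$#")


def z85_encode(data: bytes) -> str:
    """Z85 (RFC 32): every 4 bytes become 5 text characters, most significant first."""
    assert len(data) % 4 == 0, "Z85 input length must be a multiple of 4"
    out = []
    for i in range(0, len(data), 4):
        value = int.from_bytes(data[i:i + 4], "big")
        chunk = []
        for _ in range(5):
            chunk.append(Z85_CHARS[value % 85])
            value //= 85
        out.extend(reversed(chunk))
    return "".join(out)


def make_store(certs: dict) -> dict:
    """Server-side store: Z85 public key -> user id. Only listed keys may connect."""
    return {z85_encode(key): name for name, key in certs.items()}


def zap_handle(store: dict, frames: list) -> list:
    """Answer one ZAP request (list of byte frames) with a ZAP reply (list of frames).

    Request: version, request id, domain, address, identity, mechanism, credentials...
    Reply:   version, request id, status code, status text, user id, metadata
    """
    version, request_id, _domain, _address, _identity, mechanism = frames[:6]
    credentials = frames[6:]
    if version != b"1.0":
        return [b"1.0", request_id, b"500", b"Unsupported ZAP version", b"", b""]
    # For CURVE the single credentials frame is the client's 32-byte public key.
    if mechanism != b"CURVE" or len(credentials) != 1 or len(credentials[0]) != 32:
        return [version, request_id, b"400", b"Malformed CURVE credentials", b"", b""]
    # Direct lookup keyed by the client's public key: no iteration over the store.
    user = store.get(z85_encode(credentials[0]))
    if user is None:
        return [version, request_id, b"400", b"Unknown client key", b"", b""]
    return [version, request_id, b"200", b"OK", user.encode(), b""]


# Constructed sample keys (not real CURVE keys) standing in for client certificates.
SAMPLE_CERTS = {"alice": bytes(range(32)), "bob": bytes(range(32, 64))}
SAMPLE_STORE = make_store(SAMPLE_CERTS)


def sample_request(key: bytes) -> list:
    """Build a constructed ZAP request for a CURVE client presenting `key`."""
    return [b"1.0", b"1", b"global", b"127.0.0.1", b"", b"CURVE", key]
```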


On 19/09/2013 23:25, Pieter Hintjens wrote:
Hi all,

I've finished an article explaining the security features in ZeroMQ.

http://hintjens.com/blog:49

It works through half a dozen patterns from simplest to most secure.

Enjoy!
-Pieter
_______________________________________________
zeromq-dev mailing list
[email protected]
http://lists.zeromq.org/mailman/listinfo/zeromq-dev
