So this may be a very stupid question, but what does a certificate have to hold that is so complex? We have one or two keys, some metadata... why would you be thinking of anything more complex than plain text?
For a grid, yes, a certificate server seems the right model. I've not thought about CRLs as we don't have the use case for revocation yet.

On Wed, Oct 2, 2013 at 2:22 AM, Tony Arcieri <basc...@gmail.com> wrote:
> On Tue, Oct 1, 2013 at 4:21 AM, Pieter Hintjens <p...@imatix.com> wrote:
>>
>> http://hintjens.com/blog:53
>
> Regarding this specifically:
>
>> I don't see a way to safely share a certificate without some shared
>> secret, or resorting to a third party, CA-style. Even if I encrypt the
>> certificate with the recipient's public key, they can't authenticate that
>> without knowing my public key in advance. Is there a simple answer to this?
>
> It's not possible to establish a secure channel without a prior secure
> channel. For infrastructural use of 0MQ I think it would make sense to set
> up a certificate authority for a grid, and issue node-specific certificates
> which are then signed by the CA.
>
> Have you thought about how to deal with things like CRLs?
>
> --
> Tony Arcieri
>
> _______________________________________________
> zeromq-dev mailing list
> zeromq-dev@lists.zeromq.org
> http://lists.zeromq.org/mailman/listinfo/zeromq-dev