Hello, I've been digging into the spec for CurveZMQ as part of my efforts to build a secure alternative to ROS. I believe I have figured out what I need to do for the next part, but I thought I should ask to see if I am on the right track and see if there might be better ways that more experienced people know of.
I need to maintain an in-memory list of accepted keys for each socket and have connections for each of those sockets accepted/rejected based on the associated key stores. It looks like once security domains are implemented I will be able to make something of this nature by creating a security domain for each socket and a folder to maintain the allowed certificates for each domain. In the meantime, I could have a context for each socket and its own associated folder (clunky, but works). However, as this is supposed to be a background library, it would be much better if it didn't need to have a folder with write access to do its own bookkeeping.

27/ZAP - ZeroMQ Authentication Protocol and looking at the source for CZMQ seems to indicate a better way. If I am reading it correctly, ZeroMQ will send any connection requests over to an inproc server with endpoint "inproc://zeromq.zap.01". This server is normally made automatically by CZMQ calls, but it is not necessary that the library creates it. Instead, my code could bind the endpoint and implement its part of the 27/ZAP protocol (the curve part, at least). It can maintain its own list of keys and implement the security domains to allow a unique in-memory store to be kept for each object.

If I may ask, does this last solution sound right? Is there any better way to do it?

Thank you for your time,
Charlie West
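The handler logic described in the message above, as an added example that is not part of the original post or of CZMQ: it takes the frames of one ZAP 1.0 request (27/ZAP) and returns the reply frames, checking the CURVE public key against an in-memory allow-list kept per security domain. The names `DomainKeyStore` and `handle_zap_request` are hypothetical, the socket wiring (a REP socket bound to "inproc://zeromq.zap.01" before the server sockets are bound) is assumed to live elsewhere, and the sample keys in any test input are constructed.

```python
# Added example: ZAP 1.0 (27/ZAP) request handling for the CURVE mechanism
# with one in-memory allow-list per security domain. No files are touched.
ZAP_VERSION = b"1.0"

class DomainKeyStore:
    """In-memory sets of allowed raw 32-byte CURVE public keys, per domain."""
    def __init__(self):
        self._allowed = {}  # domain (bytes) -> set of public keys (bytes)

    def allow(self, domain, public_key):
        if len(public_key) != 32:
            raise ValueError("CURVE public keys are 32 raw bytes")
        self._allowed.setdefault(domain, set()).add(bytes(public_key))

    def revoke(self, domain, public_key):
        self._allowed.get(domain, set()).discard(bytes(public_key))

    def is_allowed(self, domain, public_key):
        # Unknown domains have an empty set, so they deny by default.
        return bytes(public_key) in self._allowed.get(domain, set())

def _reply(request_id, code, text, user_id=b""):
    # Reply frames: version, request id, status code, status text,
    # user id (empty unless status is 200), metadata (left empty here).
    return [ZAP_VERSION, request_id, code, text, user_id, b""]

def handle_zap_request(frames, store):
    """Return the ZAP reply frames for the frames of one ZAP request."""
    # Request frames: version, request id, domain, address, identity,
    # mechanism, then the mechanism-specific credential frames.
    if len(frames) < 6:
        # Answering a malformed request with 500 is a choice of this example.
        return _reply(b"", b"500", b"Malformed request")
    version, request_id, domain, _address, _identity, mechanism = frames[:6]
    credentials = frames[6:]
    if version != ZAP_VERSION:
        return _reply(request_id, b"400", b"Invalid version")
    # Fail closed: only CURVE with exactly one 32-byte key frame is considered.
    if mechanism != b"CURVE" or len(credentials) != 1 or len(credentials[0]) != 32:
        return _reply(request_id, b"400", b"Mechanism or credentials rejected")
    client_key = credentials[0]
    if not store.is_allowed(domain, client_key):
        return _reply(request_id, b"400", b"Key not authorized for domain")
    # Hex of the key as user id, so application code can tell peers apart.
    return _reply(request_id, b"200", b"OK", client_key.hex().encode())
```

Each server socket would set its own ZAP domain (the `ZMQ_ZAP_DOMAIN` socket option), so the domain frame selects that socket's key set.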