On Sun, Jan 18, 2015 at 7:43 PM, André Caron <[email protected]> wrote:
> ... the
> Harmony pattern doesn't provide for secure exchange of public keys.

It is identical to any pattern. Long term key exchange has to happen out of band. Using router-router changes nothing here. Each peer has its LT key, and each connection negotiates a short term key.

> How would you prevent untrusted peers from connecting to your nodes?

Using authentication via ZAP (e.g. zauth).

> My current solution is to use a directory
> service which is known to all nodes prior to joining.

It's a fine design and will work with Harmony. In fact you could use Zyre for the peer to peer parts, and a separate protocol for getting public keys from the directory service. Authenticate using ZAP in each node.

There's an edge case where a node tries to connect and is rejected as its peer hasn't yet received a key. That can be resolved by using the directory service in real time, to authenticate.

-Pieter
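The real-time directory check described in the message above, sketched as an added example that is not part of the original email and is not code from Zyre or CZMQ. It builds ZAP (ZeroMQ RFC 27) replies from the request frames a handler would receive on `inproc://zeromq.zap.01`; the class name, the `directory_lookup` callable and the sample keys are assumptions made for illustration.

```python
# ZAP (ZeroMQ RFC 27) request frames: version, request id, domain, address,
# identity, mechanism, then credentials (CURVE: one 32-byte public key).
ZAP_VERSION = b"1.0"


class DirectoryZapHandler:
    """Accept a CURVE peer if its long-term public key is known locally or,
    failing that, is confirmed by the directory service at connect time."""

    def __init__(self, directory_lookup, known_keys=()):
        # directory_lookup is a hypothetical callable: key bytes -> node name or None.
        self.directory_lookup = directory_lookup
        self.known = dict(known_keys)  # public key -> node name

    def handle(self, frames):
        if len(frames) < 6 or frames[0] != ZAP_VERSION:
            return self._reply(frames[1] if len(frames) > 1 else b"", b"500", b"Malformed ZAP request")
        request_id, mechanism, credentials = frames[1], frames[5], frames[6:]
        if mechanism != b"CURVE" or len(credentials) != 1 or len(credentials[0]) != 32:
            return self._reply(request_id, b"400", b"CURVE key required")
        key = credentials[0]
        name = self.known.get(key)
        if name is None:
            # Edge case from the email: the peer connected before its key reached us.
            try:
                name = self.directory_lookup(key)
            except Exception:
                # Fail closed; 300 is ZAP's temporary-error status.
                return self._reply(request_id, b"300", b"Directory unavailable")
            if name is None:
                return self._reply(request_id, b"400", b"Unknown public key")
            self.known[key] = name  # cache so later connections skip the lookup
        return self._reply(request_id, b"200", b"OK", user_id=name)

    @staticmethod
    def _reply(request_id, status, text, user_id=b""):
        # ZAP reply frames: version, request id, status code, status text, user id, metadata.
        return [ZAP_VERSION, request_id, status, text, user_id, b""]


# Constructed sample data: two 32-byte stand-ins for long-term public keys.
KEY_A, KEY_B = b"A" * 32, b"B" * 32
DIRECTORY = {KEY_A: b"node-a"}  # constructed directory contents


def zap_request(key, request_id=b"1"):
    return [ZAP_VERSION, request_id, b"global", b"192.0.2.10", b"", b"CURVE", key]
```

A key missing from both the local cache and the directory is refused with status 400, and a directory outage never results in an accept.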
