Agreed, with the caveat that hop-by-hop only solves one threat vector and still requires basic problem analysis. For example, do you need mutual authentication?

Sent from my iPhone

> On Jun 16, 2014, at 3:32 AM, Martin Sustrik <sustrik@xxxxxxxxxx> wrote:
>
> Hi Drew,
>
>> As long as this set of facts is true, it is time to get
>> realistic about what we are doing. This is a messaging library for
>> use on your private network. It’s not a general-purpose internet
>> communications library. By our actions, we prioritize things that
>> are useful for messaging on a private network over things that are
>> useful for internet communication. With each new plaintext
>> protocol, we increase the difficulty setting for securing nanomsg
>> as a whole. When you take the limit of the current trajectory, you
>> get a fantastic messaging library. But you don’t get a library that
>> is suitable for deployment on the naked Internet.
>
> From my point of view the matter is actually much simpler:
>
> 1. End-to-end security (whatever it is supposed to mean) is a hard
> problem, may require original research and neither nanomsg, nor other
> messaging solution can really solve it today. Luckily though, its
> end-to-end nature means that the solution can be built entirely on top
> of nanomsg and thus anyone can experiment with it, propose solutions,
> package them as libraries etc.
>
> 2. Before there are viable end-to-end solutions, hop-by-hop is the way
> to address existing security requirements. This is indeed part of
> nanomsg, in the form of a new transport (say, TLS-over-TCP) and is doable
> even today. It's also messaging-pattern-agnostic, so it's not even
> that hard to implement.
>
> Martin