[nanomsg] Re: end-to-end security
- From: Garrett D'Amore <garrett@xxxxxxxxxx>
- To: nanomsg@xxxxxxxxxxxxx, Martin Sustrik <sustrik@xxxxxxxxxx>
- Date: Wed, 12 Mar 2014 08:07:49 -0700
On March 12, 2014 at 6:41:55 AM, Martin Sustrik (sustrik@xxxxxxxxxx) wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi Alex,
Very good analysis. It nicely demonstrates the point that building
security on SP level is a non-trivial problem.
Agreed. In many respects parallel to the problems faced with IPsec, etc.
Defining your threats is key.
It may be that we have to step back an look at the problem from 10,000
feet perspective: What is a topology? An interconnected cloud of
clients. What does security mean is such environment? Declining
unauthorised people to access the topology? Something more
fine-grained? Etc.
I think the transport-layer security stuff some of us (me?) have been talking
about is targetted primarily at protecting the fabric/topology, or at least
some parts of it. That is unauthorized parties ought neither to be able to see
the content of exchanges nor to be able to inject messages of their own.
Nothing I’m proposing tries to hide the identities of the parties who are
talking.
I’ve also proposed that for some classes of applications, the work we’d have
done to secure access to the fabric could be extended to provide knowledge to
applications about the participants, to be used for application specific
purposes (authorization checks). Its not clear that it would be easy to make
this work in the face of all the patterns we’d wish it to — particularly those
where there is a device or other party in the middle, but I think there are is
a rather large set of applications where it *would* be useful. (I suspect that
deployments involving devices are less common than those without. But I have
no market analysis to support that guess.)
Anyway, I think it’s probably time to stop talking about all this, and show
some code. I need some more time, but its coming. :-)
- Garrett
Other related posts:
