[nanomsg] Re: How is security going to be implemented in nanomsg?

  • From: Garrett D'Amore <garrett@xxxxxxxxxx>
  • To: "nanomsg@xxxxxxxxxxxxx" <nanomsg@xxxxxxxxxxxxx>
  • Date: Mon, 16 Jun 2014 19:31:25 -0400

Agreed, with the caveat that hop-by-hop only solves one threat vector and still
requires basic problem analysis. For example, do you need mutual authentication?

> On Jun 16, 2014, at 3:32 AM, Martin Sustrik <sustrik@xxxxxxxxxx> wrote:
> 
> Hi Drew,
> 
>> As long as this set of facts is true, it is time to get
>> realistic about what we are doing.  This is a messaging library for
>> use on your private network.  It’s not a general-purpose internet
>> communications library.  By our actions, we prioritize things that
>> are useful for messaging on a private network over things that are
>> useful for internet communication.  With each new plaintext
>> protocol, we increase the difficulty setting for securing nanomsg
>> as a whole.  When you take the limit of the current trajectory, you
>> get a fantastic messaging library. But you don’t get a library that
>> is suitable for deployment on the naked Internet.
> 
> From my point of view the matter is actually much simpler:
> 
> 1. End-to-end security (whatever it is supposed to mean) is a hard
> problem, may require original research and neither nanomsg nor any other
> messaging solution can really solve it today. Luckily though, its
> end-to-end nature means that the solution can be built entirely on top
> of nanomsg and thus anyone can experiment with it, propose solutions,
> package them as libraries etc.
> 
> 2. Before there are viable end-to-end solutions, hop-by-hop is the way
> to address existing security requirements. This is indeed part of
> nanomsg, in the form of a new transport (say, TLS-over-TCP) and is doable
> even today. It's also messaging-pattern-agnostic, so it's not even
> that hard to implement.
> 
> Martin
> 
