[nanomsg] Re: How is security going to be implemented in nanomsg?
- From: Garrett D'Amore <garrett@xxxxxxxxxx>
- To: "nanomsg@xxxxxxxxxxxxx" <nanomsg@xxxxxxxxxxxxx>
- Date: Tue, 17 Jun 2014 10:10:57 -0400
Yes. But your network people should understand that. Advice is still to hire
a real security person. There are people here that can help perhaps for a fee
but it means engaging with them and giving them enough details about your needs
and constraints so that they can design a real security solution.
I can help with referrals or in some limited cases with actual advice but it's
out of band for the purposes of this list. Again you should expect to pay for
this service and be prepared to discuss application specifics. It just isn't
possible to do this with generalities.
Sent from my iPhone
> On Jun 17, 2014, at 1:49 AM, Drew Crawford <drew@xxxxxxxxxxxxxxxxxx> wrote:
>
>
>>
>> Failing that require something like IPSec and let your VPN and network
>> people solve this for you. I guess that is till just hiring security experts
>> in a different way...
>
> Disagree. The best VPN can only save you if you can trust everyone on it.
> (E.g. The enterprise messaging application).
>
> In every other case you need to be hiring cryptographers to build you an
> end-to-end solution, not hiring network people to configure a VPN.
>
> There may be no one-size-fits-all-solution, but that is true across the
> board. It's true for end-to-end, it's true for TLS, and it's true for VPNs.
Other related posts:
