On Saturday, June 14, 2014, Drew Crawford <drew@xxxxxxxxxxxxxxxxxx> wrote: > You've wandered into what is potentially one of the more flamewar-risky > topics. > > In the interests of avoiding a flamewar I will try to state the facts that > I understand to be generally-agreeable. > > There is no particular consensus on how (or if) authentication should be > implemented in nanomsg. There are a lot of strong views, because everybody > on all sides is keenly aware of the importance of getting something like > authentication right. You can see many of these views in prior mailing > list threads on this topic. > > Assuming everybody's position is about the same as it was during the > relevant threads, I don't think there is likely to be substantial progress > on achieving further consensus in the immediate future. > > Drew > > On Jun 14, 2014, at 6:48 AM, crocket <crockabiscuit@xxxxxxxxx > <javascript:;>> wrote: > > > I personally do not like TLS for authentication because maintaining > > TLS certificates has been a nightmare for sysadmins like me. > > I was pretty much impressed by ZeroMQ authentication when I read > > pieter's blog articles. > > I also thought about using ZeroMQ authentication for website logins, > > but public key authentication looked too complex for ordinary facebook > > users to use. > > Do you think secure authentication is a good idea for nanomsg? If it > > is so, how would you want to implement authentication in nanomsg? > > > > > > On Sat, Jun 14, 2014 at 6:49 PM, Martin Sustrik <sustrik@xxxxxxxxxx > <javascript:;>> wrote: > >> -----BEGIN PGP SIGNED MESSAGE----- > >> Hash: SHA1 > >> > >> On 14/06/14 11:31, crocket wrote: > >>> I read about SSL/TLS security in this mailing list before. Which > >>> security mechanisms do people have in mind? > >> > >> The discussion was in context of hop-by-hop encryption of data passed > >> over TCP connections. > >> > >> Martin > >> > >> -----BEGIN PGP SIGNATURE----- > >> Version: GnuPG v1.4.11 (GNU/Linux) > >> Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ > >> > >> iQEcBAEBAgAGBQJTnBqMAAoJENTpVjxCNN9YyBsH/ilUrlUW8Q2odqf5vaWlRgtA > >> d+2/tFOcFTngw1Mi0lYa0XFiLvo6TTJypnJcCQdv3MsrCJzrryfTuRiJRnlEqvGM > >> f3LsUBSjFX4yoqvcB8E039G+GM8frLhpYajg9vlobLyb73vnbjkHFPvw3yAENNNF > >> ygNoY4Q+oZVZT2ilFJ7ecQt6EVuwUdA0H8fhyuPfAWzxOlGFccUzTPELs4TLZg4+ > >> yBeq3sUlYoClJVLkQaKqpZpfUIGEEVP0rWk4pC4u6CdhZgoFLMfrDErBGhDUSpO1 > >> 9zpa1DA2GeITEKGyAU8IkUvwlxbI2lV+Suy25Qr/bIsqkl96h4r5PmoOKiInS3U= > >> =7pUr > >> -----END PGP SIGNATURE----- > >> > > > > > In that spirit: What mechanisms are missing from nanomsg that make it difficult to integrate it into an existing security layer? If none, or those could be addressed, then I believe that you'd be a tutorial away from something valuable. -Andrew