[nanomsg] Re: How is security going to be implemented in nanomsg?

  • From: Garrett D'Amore <garrett@xxxxxxxxxx>
  • To: "nanomsg@xxxxxxxxxxxxx" <nanomsg@xxxxxxxxxxxxx>
  • Date: Sat, 14 Jun 2014 09:44:32 -0400

Security is a tricky matter indeed.  Different requirements for different 
applications.  

The https transport in mangos provides transport security.  Handling certs is 
an application matter and is optional on the client side. 

You can still implement application security as you see fit.  That is likely 
the best answer as there is no one size fits all here. 


> On Jun 14, 2014, at 9:34 AM, Drew Crawford <drew@xxxxxxxxxxxxxxxxxx> wrote:
> 
> You’ve wandered into what is potentially one of the more flamewar-risky 
> topics.
> 
> In the interests of avoiding a flamewar I will try to state the facts that I 
> understand to be generally-agreeable.
> 
> There is no particular consensus on how (or if) authentication should be 
> implemented in nanomsg.  There are a lot of strong views, because everybody 
> on all sides is keenly aware of the importance of getting something like 
> authentication right.  You can see many of these views in prior mailing list 
> threads on this topic.
> 
> Assuming everybody’s position is about the same as it was during the relevant 
> threads, I don’t think there is likely to be substantial progress on 
> achieving further consensus in the immediate future.
> 
> Drew
> 
>> On Jun 14, 2014, at 6:48 AM, crocket <crockabiscuit@xxxxxxxxx> wrote:
>> 
>> I personally do not like TLS for authentication because maintaining
>> TLS certificates has been a nightmare for sysadmins like me.
>> I was pretty much impressed by ZeroMQ authentication when I read
>> Pieter's blog articles.
>> I also thought about using ZeroMQ authentication for website logins,
>> but public key authentication looked too complex for ordinary Facebook
>> users to use.
>> Do you think secure authentication is a good idea for nanomsg? If it
>> is so, how would you want to implement authentication in nanomsg?
>> 
>> 
>>> On Sat, Jun 14, 2014 at 6:49 PM, Martin Sustrik <sustrik@xxxxxxxxxx> wrote:
>>>> On 14/06/14 11:31, crocket wrote:
>>>> I read about SSL/TLS security in this mailing list before. Which
>>>> security mechanisms do people have in mind?
>>> 
>>> The discussion was in context of hop-by-hop encryption of data passed
>>> over TCP connections.
>>> 
>>> Martin