[nanomsg] Re: The name service for nanomsg

  • From: william eddie <willmeddie@xxxxxxxxx>
  • To: nanomsg@xxxxxxxxxxxxx
  • Date: Tue, 10 Sep 2013 11:19:10 +1000

Surely a centralized KDC is a benefit for security. Administrators can
worry about the single point of failure.

the devices are presumed secure then TLS would be sufficient


If you make that assumption, you could use the GSSAPI security contexts to
share a symmetric key with subscribers. Authorization and authentication
are done for you by the Kerberos KDC with minimal effort.


On 10 September 2013 10:32, Nico Williams <nico@xxxxxxxxxxxxxxxx> wrote:

>
> On Sep 9, 2013 7:03 PM, "william eddie" <willmeddie@xxxxxxxxx> wrote:
> > Kerberos and GSSAPI provide a message-based API, with end-to-end
> > message integrity and optional encryption. Is there any reason no one
> > has mentioned Kerberos for nanomsg security? The GSSAPI looks like it would
> > fit quite neatly into the transport layer.
>
> Yes!  On IRC.  Note that GSS is only good for two-party comms, not so much
> (i.e., not at all) for multicast-type patterns, but it can be used to build
> a multicast pattern.  Multicast security is a well-trod subject.
>
> Nico
> --
>
