[nanomsg] Re: end-to-end security

  • From: Garrett D'Amore <garrett@xxxxxxxxxx>
  • To: nanomsg@xxxxxxxxxxxxx, Martin Sustrik <sustrik@xxxxxxxxxx>
  • Date: Wed, 12 Mar 2014 08:07:49 -0700

On March 12, 2014 at 6:41:55 AM, Martin Sustrik (sustrik@xxxxxxxxxx) wrote:
Hash: SHA1 

Hi Alex, 

Very good analysis. It nicely demonstrates the point that building 
security on SP level is a non-trivial problem. 
Agreed.  In many respects parallel to the problems faced with IPsec, etc.  
Defining your threats is key.

It may be that we have to step back an look at the problem from 10,000 
feet perspective: What is a topology? An interconnected cloud of 
clients. What does security mean is such environment? Declining 
unauthorised people to access the topology? Something more 
fine-grained? Etc. 

I think the transport-layer security stuff some of us (me?) have been talking 
about is targetted primarily at protecting the fabric/topology, or at least 
some parts of it.  That is unauthorized parties ought neither to be able to see 
the content of exchanges nor to be able to inject messages of their own.

Nothing I’m proposing tries to hide the identities of the parties who are 

I’ve also proposed that for some classes of applications, the work we’d have 
done to secure access to the fabric could be extended to provide knowledge to 
applications about the participants, to be used for application specific 
purposes (authorization checks).  Its not clear that it would be easy to make 
this work in the face of all the patterns we’d wish it to — particularly those 
where there is a device or other party in the middle, but I think there are is 
a rather large set of applications where it *would* be useful.  (I suspect that 
deployments involving devices are less common than those without.  But I have 
no market analysis to support that guess.)

Anyway, I think it’s probably time to stop talking about all this, and show 
some code.  I need some more time, but its coming. :-)

        - Garrett

Other related posts: