[nanomsg] Re: nanomsg and encryption

  • From: Martin Sustrik <sustrik@xxxxxxxxxx>
  • To: <nanomsg@xxxxxxxxxxxxx>
  • Date: Mon, 04 Mar 2013 13:06:35 +0100

On 2013-03-04 12:33, Schmurfy wrote:
> That's a question I already asked myself many times but I have yet to find a satisfying answer. The problem I see with low level encryption (at least
> in the TLS case) is that at this level the library has no idea what is
> transmitted and where a message starts and ends; my understanding is that
> it just uses an internal buffer and sends it when full or on timeout.

Yes, the encryption layer (say OpenSSL) doesn't care about message boundaries. It simply encrypts all the data passing through the TCP connection.

> I really feel that having the user code encrypt/decrypt the data would be
> more efficient since at this level we know what a message is and could
> decide what to encrypt and how based on this.

> The problem is of course different with nanomsg/zmq since the library knows where a message starts and ends and could potentially do a better job than
> with a standard tcp socket.

Yes, that's probably the thing to be done in the long run. However, it would mean solving all the problems mentioned in my previous email and probably many others.

The best way to proceed would be to implement a simple hop-by-hop TLS-on-top-of-TCP transport now and treat end-to-end encryption more like a research project.

The important thing here is that even if end-to-end encryption is implemented, single hop encryption (tls:// transport) would still have its uses: Imagine distribution of stock quotes from New York to London. The stock quotes are distributed internally in the New York office. The environment is deemed safe there and thus the messages are not encrypted. Same applies to the London office. However, the connection between New York and London is considered insecure and the data should be encrypted. As can be seen, only a single hop within the topology should be encrypted. End-to-end encryption would not help in such a scenario.

Martin
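The New York to London scenario above, and the earlier point that a stream-level encryption layer has no idea where a message starts and ends, as an added example that is not from this thread or from the nanomsg code base. Messages travel in the clear inside each office; only the single inter-office hop is encrypted, and the gateway on the encrypted hop has to restore message boundaries itself with a length prefix because the wire delivers bytes in arbitrary chunks. The cipher is a toy (HMAC-SHA256 keystream XOR, unauthenticated) standing in for TLS record encryption, and the keys, nonce and quotes are constructed; none of this is nanomsg's actual tls:// design.

```python
import hashlib
import hmac
import struct

BLOCK = hashlib.sha256().digest_size  # 32-byte keystream blocks


def keystream(key: bytes, nonce: bytes, offset: int, length: int) -> bytes:
    """Keystream bytes [offset, offset+length) from HMAC-SHA256 in counter mode.
    Taking an offset lets a receiver decrypt a chunk without seeing the whole stream."""
    if length == 0:
        return b""
    first, last = offset // BLOCK, (offset + length - 1) // BLOCK
    blocks = b"".join(
        hmac.new(key, nonce + struct.pack(">Q", i), hashlib.sha256).digest()
        for i in range(first, last + 1)
    )
    start = offset - first * BLOCK
    return blocks[start:start + length]


def link_xor(key: bytes, nonce: bytes, offset: int, data: bytes) -> bytes:
    """Toy link cipher (assumption: stands in for TLS). XOR is its own inverse."""
    return bytes(a ^ b for a, b in zip(data, keystream(key, nonce, offset, len(data))))


def frame(msg: bytes) -> bytes:
    """Length-prefix a message so its boundary survives a byte stream."""
    return struct.pack(">I", len(msg)) + msg


class Deframer:
    """Reassembles length-prefixed messages from arbitrarily split stream chunks."""

    def __init__(self) -> None:
        self.buf = b""

    def feed(self, chunk: bytes) -> list:
        self.buf += chunk
        out = []
        while len(self.buf) >= 4:
            (n,) = struct.unpack(">I", self.buf[:4])
            if len(self.buf) < 4 + n:
                break  # message incomplete; wait for more bytes
            out.append(self.buf[4:4 + n])
            self.buf = self.buf[4 + n:]
        return out


def run_topology(messages, send_key, recv_key=None, nonce=b"constructed-nonce", chunk_size=7):
    """Hop-by-hop model: clear inside New York, encrypted on the WAN, clear inside London."""
    recv_key = send_key if recv_key is None else recv_key
    # New York office: internal distribution in the clear.
    ny_internal = list(messages)
    # New York gateway: frame each message, then encrypt the byte stream for the one insecure hop.
    stream = b"".join(frame(m) for m in messages)
    wire = link_xor(send_key, nonce, 0, stream)
    # The WAN hands over bytes in chunks unrelated to message boundaries, as TCP/TLS would.
    chunks = [wire[i:i + chunk_size] for i in range(0, len(wire), chunk_size)]
    # London gateway: decrypt each chunk at its stream offset and restore boundaries.
    deframer = Deframer()
    london_internal = []
    offset = 0
    for c in chunks:
        london_internal.extend(deframer.feed(link_xor(recv_key, nonce, offset, c)))
        offset += len(c)
    return {"ny_internal": ny_internal, "wire_chunks": chunks, "london_internal": london_internal}


def wire_leaks_plaintext(result, messages) -> bool:
    """True if any message appears verbatim on the inter-office wire."""
    wire = b"".join(result["wire_chunks"])
    return any(m in wire for m in messages)


# Constructed sample data.
QUOTES = [b"ACME 12.34", b"GLOBEX 567.89", b"INITECH 0.42"]
LINK_KEY = b"constructed-link-key"

if __name__ == "__main__":
    r = run_topology(QUOTES, LINK_KEY)
    print("London office receives:", r["london_internal"])
    print("plaintext visible on WAN:", wire_leaks_plaintext(r, QUOTES))
```

Only the two gateways hold the link key; nodes inside either office never see ciphertext, which is exactly the property the thread describes. The framing layer is the part a tls:// transport has to add itself: TLS protects the byte stream but says nothing about where one message ends and the next begins.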


