[Bro-Dev] 0MQ security considerations

Jonathan Siwek jsiwek at ncsa.illinois.edu
Thu Jul 7 10:24:17 PDT 2011


> What about DTLS? I think OpenSSL supports that, but I'm not sure how
> well.
> 
> I would see that protocol mapping more naturally to 0mq's idea of
> messages and / or disconnected transports, and the connection
> emulation it provides *might* work on top of 0mq.

I didn't try, but don't think it helps.  As a general scenario, let's
say a client and server both complete a handshake over 0MQ (DTLS, SSL,
TLS, whichever), but after a while of exchanging app. data, the client
crashes.

In any protocol, session resumption is supported provided that the client
saves some state (session ID, master secret).  We could do that (don't
think we want to), but another question is how the server can know
that the client will ever return.  That seems to require implementing
a heartbeat, and DTLS seems to just rely on retransmission timers during
the handshake?

> (haven't looked at the code yet, so apologies if that's explained
> within :)

Not really, the code is just hacked together, but it's short enough
to read/understand if you want to try anything.
 
- Jon
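
The two points Jon raises, resumption state held by the client and the server's inability to tell whether a crashed client will return without a heartbeat, are sketched below as an added example; this is not code from the bro-dev thread or from Bro itself. It assumes a TLS/DTLS-style record layer carried over a connectionless, message-oriented transport, and the timer values, the HMAC-based key derivation and every name in it are illustrative assumptions.

```python
"""
Added example (not from the bro-dev thread): server-side session bookkeeping
for a record protocol carried over a message transport with no connection
semantics (0MQ-style).

Two timers are kept apart on purpose: a liveness timeout, after which
per-connection state (traffic key, counters) is dropped because the peer
has missed too many heartbeats, and a longer resumption lifetime, after
which the resumption ticket (session ID + master secret) is forgotten too.
Timer values, the key derivation and all names are assumptions.
"""
import hashlib
import hmac
import os
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass
class Session:
    session_id: bytes
    master_secret: bytes        # the client must also hold this to resume
    last_seen: float            # time of last handshake / heartbeat / record
    traffic_key: bytes          # per-connection key, re-derived on resume
    resumptions: int = 0


def derive_traffic_key(master_secret: bytes, nonce: bytes) -> bytes:
    """Fresh per-connection key from the long-lived secret (assumed PRF)."""
    return hmac.new(master_secret, b"traffic" + nonce, hashlib.sha256).digest()


class SessionTable:
    def __init__(self, heartbeat_interval: float, missed_allowed: int,
                 resumption_lifetime: float) -> None:
        # A peer is declared gone after missing `missed_allowed` heartbeats.
        self.liveness_timeout = heartbeat_interval * missed_allowed
        self.resumption_lifetime = resumption_lifetime
        self.active: Dict[bytes, Session] = {}
        self.resumable: Dict[bytes, Session] = {}

    def establish(self, now: float) -> Session:
        """Full handshake completed: mint a session ID and master secret."""
        sid, secret = os.urandom(16), os.urandom(32)
        s = Session(sid, secret, now, derive_traffic_key(secret, os.urandom(16)))
        self.active[sid] = s
        return s

    def heartbeat(self, session_id: bytes, now: float) -> bool:
        """Any authenticated record (or an explicit heartbeat) refreshes liveness."""
        s = self.active.get(session_id)
        if s is None:
            return False
        s.last_seen = now
        return True

    def reap(self, now: float) -> List[bytes]:
        """Run periodically; returns IDs of sessions declared dead on this pass."""
        dead = [sid for sid, s in self.active.items()
                if now - s.last_seen > self.liveness_timeout]
        for sid in dead:
            # Drop per-connection state but keep the resumption ticket for now.
            self.resumable[sid] = self.active.pop(sid)
        expired = [sid for sid, s in self.resumable.items()
                   if now - s.last_seen > self.resumption_lifetime]
        for sid in expired:
            del self.resumable[sid]     # a client that never returned is forgotten
        return dead

    def resume(self, session_id: bytes, now: float) -> Optional[Session]:
        """Abbreviated handshake: client presents an ID it saved before crashing."""
        self.reap(now)                  # enforce lifetimes before trusting the ID
        s = self.resumable.pop(session_id, None)
        if s is None:
            return None                 # unknown, expired, or still active
        s.traffic_key = derive_traffic_key(s.master_secret, os.urandom(16))
        s.last_seen = now
        s.resumptions += 1
        self.active[session_id] = s
        return s

    def state(self, session_id: bytes) -> str:
        if session_id in self.active:
            return "active"
        if session_id in self.resumable:
            return "dead"               # peer gone, ticket still honoured
        return "unknown"


if __name__ == "__main__":
    # Constructed timeline: 5 s heartbeats, 3 misses allowed, 60 s resumption.
    table = SessionTable(5.0, 3, 60.0)
    s = table.establish(0.0)
    table.heartbeat(s.session_id, 9.0)
    print("t=25", table.reap(25.0), table.state(s.session_id))   # dead
    print("t=30 resume", table.resume(s.session_id, 30.0) is s)  # True
    print("t=100 resume", table.resume(s.session_id, 100.0))     # None
```

The `resume` path answers the thread's second question only indirectly: the server never learns whether the client will come back, it just bounds how long it is willing to wait, first for the connection state and then for the ticket, and the client's retained (session ID, master secret) pair is what lets it rejoin without a full handshake inside that window.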

