[Bro-Dev] 0MQ security considerations
Gilbert Clark
gc355804 at ohio.edu
Thu Jul 7 12:31:37 PDT 2011
> I didn't try, but don't think it helps. As a general scenario, let's
> say a client and server both complete a handshake over 0MQ (DTLS, SSL,
> TLS, whichever), but after a while of exchanging app. data, the client
> crashes.
>
> In any protocol, session resuming is supported provided that the client
> saves some state (session ID, master secret). We could do that (don't
> think we want to), but another question is how can the server know
> that the client will ever return? That seems to require implementing
> a heartbeat and DTLS seems to just rely on retransmission timers during
> the handshake?
>
Okay, that makes sense.
Speaking of heartbeats though, what about implementing an
application-level heartbeat and forcing the connection closed if X are
missed (something like IRC's PING / PONG)? It's not optimal, but it
might be a workaround in the short term (e.g. until 0mq acquires
something native).
--Gilbert
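
Added example, not part of the original message or of Bro/0MQ code: a sketch of the PING / PONG bookkeeping suggested above, where a peer that misses X consecutive heartbeats is closed and its session state dropped. The class and peer names, the interval and the threshold are hypothetical; it assumes heartbeats travel inside the already-secured session and that the caller does the actual socket I/O.

```python
from dataclasses import dataclass

@dataclass
class Peer:
    last_ping: float             # time the last PING was sent to this peer
    awaiting_pong: bool = False
    missed: int = 0              # consecutive PINGs that got no PONG

class HeartbeatMonitor:
    """Liveness bookkeeping only; the caller owns the sockets and the clock."""

    def __init__(self, interval, max_missed):
        self.interval = interval
        self.max_missed = max_missed   # the "X" from the message above
        self.peers = {}

    def add_peer(self, peer_id, now):
        self.peers[peer_id] = Peer(last_ping=now)

    def on_pong(self, peer_id):
        peer = self.peers.get(peer_id)
        if peer is not None:           # a late PONG never revives a closed peer
            peer.awaiting_pong = False
            peer.missed = 0

    def tick(self, now):
        """Return (peers to PING now, peers whose connection must be closed)."""
        to_ping, to_close = [], []
        for peer_id, peer in list(self.peers.items()):
            if now - peer.last_ping < self.interval:
                continue
            if peer.awaiting_pong:
                peer.missed += 1
            if peer.missed >= self.max_missed:
                del self.peers[peer_id]   # discard per-session state with the peer
                to_close.append(peer_id)
                continue
            peer.last_ping, peer.awaiting_pong = now, True
            to_ping.append(peer_id)
        return to_ping, to_close

def simulate():
    """Constructed run: client-a answers every PING, client-b crashed at t=0."""
    mon = HeartbeatMonitor(interval=10, max_missed=3)
    mon.add_peer("client-a", 0)
    mon.add_peer("client-b", 0)
    log = []
    for now in range(10, 50, 10):
        to_ping, to_close = mon.tick(now)
        if "client-a" in to_ping:
            mon.on_pong("client-a")
        log.append((now, to_ping, to_close))
    return log
```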