[Bro-Dev] 0MQ security considerations

Gilbert Clark gc355804 at ohio.edu
Thu Jul 7 12:31:37 PDT 2011


> I didn't try, but don't think it helps.  As a general scenario, let's
> say a client and server both complete a handshake over 0MQ (DTLS, SSL,
> TLS, whichever), but after a while of exchanging app. data, the client
> crashes.
>
> In any protocol, session resuming is supported provided that the client
> saves some state (session ID, master secret).  We could do that (don't
> think we want to), but another question is how can the server know
> that the client will ever return?  That seems to require implementing
> a heartbeat and DTLS seems to just rely on retransmission timers during
> the handshake?
>

Okay, that makes sense.

Speaking of heartbeats though, what about implementing an 
application-level heartbeat and forcing the connection closed if X are 
missed (something like IRC's PING / PONG)?  It's not optimal, but it 
might be a workaround in the short term (e.g. until 0mq acquires 
something native).

--Gilbert
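
The heartbeat workaround suggested above, as an added example that is not part of the original post or of Bro or 0MQ code: a transport-agnostic tracker that closes a peer after X consecutive missed PONGs. The class `HeartbeatMonitor`, its method names, the nonce scheme and the default interval are assumptions made for illustration.

```python
import time

class HeartbeatMonitor:
    """Per-peer liveness for an application-level PING/PONG heartbeat (hypothetical helper).

    The caller sends the PING frames and feeds received PONGs back in.
    """

    def __init__(self, interval=5.0, max_missed=3, clock=time.monotonic):
        self.interval = interval      # seconds between PINGs (assumed default)
        self.max_missed = max_missed  # the "X" from the post
        self.clock = clock            # injectable so the logic can be tested offline
        self.peers = {}               # peer_id -> state dict

    def add_peer(self, peer_id, session):
        # `session` stands in for the handshake state (keys, session ID) the server holds.
        self.peers[peer_id] = {"session": session, "nonce": 0, "awaiting": None,
                               "missed": 0, "next_ping": self.clock() + self.interval}

    def on_pong(self, peer_id, nonce):
        p = self.peers.get(peer_id)
        # Only the most recent outstanding nonce counts; stale, replayed or
        # unsolicited PONGs do not reset the missed counter.
        if p is None or p["awaiting"] != nonce:
            return False
        p["awaiting"], p["missed"] = None, 0
        return True

    def tick(self):
        """Call periodically. Returns (pings_to_send, peers_closed)."""
        now, pings, closed = self.clock(), [], []
        for peer_id, p in list(self.peers.items()):
            if now < p["next_ping"]:
                continue
            if p["awaiting"] is not None:          # previous PING went unanswered
                p["missed"] += 1
                if p["missed"] >= self.max_missed:
                    del self.peers[peer_id]        # drop session state with the peer
                    closed.append(peer_id)
                    continue
            p["nonce"] += 1
            p["awaiting"] = p["nonce"]
            p["next_ping"] = now + self.interval
            pings.append((peer_id, p["nonce"]))
        return pings, closed
```

The caller sends each returned PING over the existing socket and tears down the connection for every peer in the closed list, so a crashed client has to complete a new handshake when it returns.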


