forked from zeromq/rfc
-
Notifications
You must be signed in to change notification settings - Fork 0
/
spec_38.txt
28 lines (16 loc) · 2.53 KB
/
spec_38.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
The ZMTP GSSAPI mechanism provides secure authentication and confidentiality for [http://rfc.zeromq.org/spec:23 ZMTP 3.0]. This mechanism utilizes the [http://tools.ietf.org/html/rfc2743 Generic Security Service Application Interface].
* Name: rfc.zeromq.org/spec:38/ZMTP-GSSAPI
* Editor: Chris Busbey <[email protected]>
* State: draft
* See also: http://tools.ietf.org/html/rfc2743
++ Preamble
Copyright (c) 2013 iMatix Corporation.
This Specification is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This Specification is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program; if not, see <http://www.gnu.org/licenses>.
This Specification is a [http://www.digistan.org/open-standard:definition free and open standard] and is governed by the Digital Standards Organization's [http://www.digistan.org/spec:1/COSS Consensus-Oriented Specification System].
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in [http://tools.ietf.org/html/rfc2119 RFC 2119].
++ Goals
The ZMTP GSSAPI mechanism provides secure authentication and confidentiality for [http://rfc.zeromq.org/spec:23 ZMTP 3.0]. This mechanism utilizes the [http://tools.ietf.org/html/rfc2743 Generic Security Service Application Interface], which provides security services to callers in a generic fashion.
++ Implementation
The GSSAPI mechanism uses the greeting as-server field to identify which peer is "client" and which peer is "server".
The mechanism starts with a HELLO command from client to server, and continues with a handshake until each party has authenticated the other and is ready to send confidential information.
All command bodies consist of an 8-character command name, padded with spaces, followed by formatted binary fields. Command bodies may or may not be encrypted dependenting on the underlying security mechanism. The http://rfc.zeromq.org/spec:23 ZMTP 3.0 specification] defines the grammar for the command size. The [ http://tools.ietf.org/html/rfc2743 GSSAPI specification] defines the grammar for the command bodies.