[rabbitmq-discuss] AMQP authentication with RabbitMQ

• Previous message: [rabbitmq-discuss] AMQP authentication with RabbitMQ
• Next message: [rabbitmq-discuss] AMQP authentication with RabbitMQ
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Darien,

Darien Kindlund wrote:
> Couple of basic questions:
> 1) So, for reference, would we call this AMQPS, AMQP-SSL, or SAMPQ ?

Does it have to have a name?

> 2) Are you planning on supporting CRLs and/or OCSP for certificate revocation?
> 3) Can we specify the cipher strength?

We support whatever the Erlang SSL implementation supports. See 
http://www.erlang.org/doc/man/new_ssl.html for details. That's a moving 
target, and ATM the answers to the above are 'no' and 'yes'.

> 4) Okay once SSL is supported natively, do you think a future version
> of RabbitMQ would be able to map particular subjectDNs to existing
> username/password credentials?  It would be really nice if clients
> could authenticate with only client certs and nothing else.
> 
> I'm guessing #4 may actually break the existing AMQP spec, since we're
> talking about bypassing username/password authentication.  If that's
> the case, I'm not sure if you typically wait for the spec to get
> ratified before implementing any experimental features, such as this.

AMQP has some built-in support for negotiating different security 
mechanisms, so your latter concern isn't an issue. Making the necessary 
changes at the server and client end would take some time, but it 
shouldn't be a big job. Perhaps this is something you could have a stab 
at yourself once the new SSL support has landed?


Regards,

Matthias.

• Previous message: [rabbitmq-discuss] AMQP authentication with RabbitMQ
• Next message: [rabbitmq-discuss] AMQP authentication with RabbitMQ
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]