[rabbitmq-discuss] ssl certificate to client lookup

Matthias Radestock matthias at rabbitmq.com
Mon Jul 5 22:15:00 BST 2010


Lionel, Nathaniel,

Nathaniel Haggard wrote:
> On Mon, Jun 28, 2010 at 11:46 PM, Lionel Cons <lionel.cons at cern.ch> wrote:
>> In case something bad happens (invalid message, too many messages...),
>> we want to know who sent the offending messages.

That doesn't seem to have anything to do with SSL, intrinsically, i.e. 
one can imagine wanting to know the same even when the clients connect 
w/o ssl.

That raises the question of how exactly to identify the sender of a 
message to a) consumers, and b) administrators. That is a very large can 
of worms, raising issues of trust such as

- How do consumers establish sufficient trust in the server (to supply 
the correct information)?

- How do producers establish sufficient trust in the server (to not 
pass on information about their identity when they do not intend to, to 
not fake such information, etc)?

- How does one deal with proxies/shovels, i.e. entities that relay 
information? Do messages passing through them have their original sender 
info replaced? Or does the proxy/shovel identity get appended somehow?

None of these issues are particular to AMQP, of course, so the AMQP 
working group should build on the work already done in the world of 
securing email, web services, etc. There is an AMQP Security SIG, and it 
may be worth you describing your use case to them, so they can 
incorporate it into their designs.

There is also an issue w.r.t. message fidelity. Currently RabbitMQ 
guarantees that the entire message payload, including headers, is 
transmitted to consumers unaltered. To some users that is a highly 
desirable property of a messaging system.

> If rabbitmqctl list_connections showed the ssl common name in
> client_properties then we could find the queue by joining
> list_connections output with list_queues output on pid and owner_pid
> respectively.

Adding various bits of info extracted from ssl in the list_connections 
output would be quite easy and not run into any of the problems 
mentioned above associated with trying to attach sender identities to 
messages. But ...

Isn't the AMQP user sufficient for this? That can already be shown with 
'rabbitmqctl list_connections'.

Also, I do not understand how queue owner_pids help you here since the 
connections owning the queues are typically from the consumers and not 
the producers.


Regards,

Matthias.
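The join Nathaniel proposes (list_connections pid against list_queues owner_pid), as an added shell example that is not part of this thread: the column names pid/user/peer_address and both command outputs below are assumed and constructed, not captured from a broker. As Matthias notes, owner_pid only identifies the connection that declared an exclusive queue, which is normally the consumer side.

```shell
#!/bin/sh
# Added example (not from the rabbitmq-discuss thread). Joins the assumed output of
#   rabbitmqctl list_connections pid user peer_address
#   rabbitmqctl list_queues name owner_pid
# on the connection pid, so each exclusive queue is mapped to the AMQP user and
# peer address of the connection that owns it. Sample data below is constructed.

CONNS=$(printf '%s\t%s\t%s\n' \
    '<rabbit@bunny.3.1234.0>' alice 10.0.0.5 \
    '<rabbit@bunny.3.1250.0>' bob   10.0.0.6)

# "logs" has no owner_pid (not exclusive); Q3's owner connection no longer exists.
QUEUES=$(printf '%s\t%s\n' \
    amq.gen-Q1 '<rabbit@bunny.3.1234.0>' \
    logs '' \
    amq.gen-Q2 '<rabbit@bunny.3.1250.0>' \
    amq.gen-Q3 '<rabbit@bunny.3.9999.0>')

# owner_for_queues CONNS QUEUES -> one line per exclusive queue:
#   queue<TAB>user<TAB>peer_address
# Connections are tagged "C" and queues "Q" so one awk pass can index the
# connections first and then resolve each queue's owner_pid against that index.
owner_for_queues() {
    {
        printf '%s\n' "$1" | while IFS= read -r l; do printf 'C\t%s\n' "$l"; done
        printf '%s\n' "$2" | while IFS= read -r l; do printf 'Q\t%s\n' "$l"; done
    } | awk -F'\t' '
        BEGIN { OFS = "\t" }
        $1 == "C" { user[$2] = $3; peer[$2] = $4; next }   # index connections by pid
        $1 == "Q" && $3 == "" { next }                      # non-exclusive queue: no owner
        $1 == "Q" && ($3 in user) { print $2, user[$3], peer[$3]; next }
        $1 == "Q" { print $2, "unknown", "unknown" }        # owner connection is gone
    '
}

owner_for_queues "$CONNS" "$QUEUES"
```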