[rabbitmq-discuss] ssl certificate to client lookup
Matthias Radestock
matthias at rabbitmq.com
Mon Jun 28 16:56:43 BST 2010
Lionel,
Lionel Cons wrote:
> Matthew Sackman <matthew at rabbitmq.com> writes:
>> On Thu, Jun 24, 2010 at 03:13:20PM -0600, Nathaniel Haggard wrote:
>>> It would be nice if rabbitmq set a header in messages with some
>>> metadata from the x509 certificate used to establish the ssl
>>> connection.
>> Err, why?
>
> FWIW, we currently rely on this functionality: we use X.509 for
> authetication and we need to track down who sent a given message
> (think JMSXUserID as per http://activemq.apache.org/jmsxuserid.html).
Couldn't you simply get the sender to sign the message and the recipient
to verify the signature? That requires the recipients to know the public
keys of the senders, but I suspect in most systems where recipients care
about the sender identity that would not be hard to arrange.
Matthias.
More information about the rabbitmq-discuss
mailing list