[rabbitmq-discuss] ssl certificate to client lookup

• Previous message: [rabbitmq-discuss] ssl certificate to client lookup
• Next message: [rabbitmq-discuss] ssl certificate to client lookup
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Lionel,

Lionel Cons wrote:
> Matthew Sackman <matthew at rabbitmq.com> writes:
>> On Thu, Jun 24, 2010 at 03:13:20PM -0600, Nathaniel Haggard wrote:
>>> It would be nice if rabbitmq set a header in messages with some
>>> metadata from the x509 certificate used to establish the ssl
>>> connection.
>> Err, why?
> 
> FWIW, we currently rely on this functionality: we use X.509 for
> authetication and we need to track down who sent a given message
> (think JMSXUserID as per http://activemq.apache.org/jmsxuserid.html).

Couldn't you simply get the sender to sign the message and the recipient 
to verify the signature? That requires the recipients to know the public 
keys of the senders, but I suspect in most systems where recipients care 
about the sender identity that would not be hard to arrange.

Matthias.

• Previous message: [rabbitmq-discuss] ssl certificate to client lookup
• Next message: [rabbitmq-discuss] ssl certificate to client lookup
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]