Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support encryption for the kernel protocol over ZMQ #808

Open
davidbrochart opened this issue Jun 15, 2022 · 2 comments
Open

Support encryption for the kernel protocol over ZMQ #808

davidbrochart opened this issue Jun 15, 2022 · 2 comments

Comments

@davidbrochart
Copy link
Member

Kernel messages are currently signed, preventing e.g. from running code that doesn't originate from a trusted source, but the code of an execution request is still sent unencrypted over the wire. Even if it's bad practice, passwords or sensitive information could be intercepted.
Would it make sense to support encryption for the kernel protocol over ZMQ? I'm thinking about remote kernels that wouldn't run on the same machine as the Jupyter server.
@minrk
Copy link
Member

minrk commented Jun 16, 2022

I implemented this in ipyparallel and pre-proposed a JEP: jupyter/enhancement-proposals#75 . I didn't go all the way to a JEP yet, because almost all of the work is in the transition / backward-compatibility, not the implementation itself.

It's definitely doable and I think a good idea. I do think using zmq's CURVE is the way to go, and not defining our own encryption standards.

@davidbrochart
Copy link
Member Author

Thanks for the references @minrk, good to know that you already implemented it in ipyparallel. Looking forward to the JEP!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@minrk @davidbrochart