jupyter_client

Support encryption for the kernel protocol over ZMQ

Open davidbrochart opened this issue 2 years ago • 2 comments

Kernel messages are currently signed, which prevents, e.g., running code that doesn't originate from a trusted source, but the code of an execution request is still sent unencrypted over the wire. Even if it's bad practice, passwords or sensitive information could be intercepted. Would it make sense to support encryption for the kernel protocol over ZMQ? I'm thinking about remote kernels that wouldn't run on the same machine as the Jupyter server.

davidbrochart, Jun 15 '22 21:06
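Added example (not part of the issue thread and not jupyter_client's own code): a simplified model of the signing the opening post describes, showing that the HMAC detects tampering while the `content` frame stays readable to anyone on the wire. It assumes the default `hmac-sha256` scheme and plain JSON frames; the key, message and helper names are constructed for illustration.

```python
import hashlib
import hmac
import json

DELIM = b"<IDS|MSG>"  # separates routing identities from the signed frames
PARTS = ("header", "parent_header", "metadata", "content")

def sign(key, frames):
    """HMAC-SHA256 hex digest over the four serialized frames, in order."""
    mac = hmac.new(key, digestmod=hashlib.sha256)
    for frame in frames:
        mac.update(frame)
    return mac.hexdigest().encode("ascii")

def serialize(key, msg):
    """Build the multipart message: delimiter, signature, four JSON frames."""
    frames = [json.dumps(msg[part]).encode("utf-8") for part in PARTS]
    return [DELIM, sign(key, frames), *frames]

def verify(key, wire):
    """Receiver-side check: recompute the HMAC, compare in constant time."""
    i = wire.index(DELIM)
    signature, frames = wire[i + 1], wire[i + 2:i + 6]
    return hmac.compare_digest(signature, sign(key, frames))

def observed_code(wire):
    """What an observer WITHOUT the key can read from the content frame."""
    i = wire.index(DELIM)
    return json.loads(wire[i + 5])["code"]

# Constructed sample data: not a real connection-file key or session.
KEY = b"constructed-connection-file-key"
MSG = {
    "header": {"msg_id": "constructed-1", "msg_type": "execute_request",
               "session": "constructed-session", "username": "demo",
               "version": "5.3"},
    "parent_header": {},
    "metadata": {},
    "content": {"code": "db_password = 'hunter2-constructed'", "silent": False},
}

def demo():
    wire = serialize(KEY, MSG)
    # Modify the content frame in transit without knowing the key.
    tampered = wire[:-1] + [wire[-1].replace(b"hunter2", b"changed")]
    return verify(KEY, wire), verify(KEY, tampered), observed_code(wire)

if __name__ == "__main__":
    print(demo())
```

Signing gives integrity and origin authentication only; confidentiality for a remote kernel has to come from the transport, which is what the issue asks for.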

I implemented this in ipyparallel and pre-proposed a JEP: https://github.com/jupyter/enhancement-proposals/issues/75 . I didn't go all the way to a JEP yet, because almost all of the work is in the transition / backward-compatibility, not the implementation itself.

It's definitely doable and I think a good idea. I do think using zmq's CURVE is the way to go, and not defining our own encryption standards.

minrk, Jun 16 '22 09:06

Thanks for the references @minrk, good to know that you already implemented it in ipyparallel. Looking forward to the JEP!

davidbrochart, Jun 16 '22 09:06