[HN Gopher] Rust and Elixir libraries for end-to-end encrypted s...
___________________________________________________________________
Rust and Elixir libraries for end-to-end encrypted secure
communication
Author : mooreds
Score : 133 points
Date : 2022-09-30 18:05 UTC (4 hours ago)
(HTM) web link (github.com)
| dvdplm wrote:
| What is the business model for this? The enterprise addons?
| mattgreg wrote:
| We have two products. The first is avail under Apache 2 lic.
| The second is available as a paid subscription through AWS
| marketplace.
|
| 1. Ockam Open Source: It's all the protocols, packages, and
| tools (like CLI) for building things.
|
| 2. Ockam Orchestrator: It allows for running small to massive
| scale systems. It also has add-ons for Okta, Confluent Cloud,
| various DBs...
| mattgreg wrote:
| Aw. Thanks for posting this. Hi, I'm Matt, the CEO at Ockam. If
| anyone has any questions, we are happy to take them on in this
| thread today.
| loceng wrote:
| Does the name Ockam have any relation to Occam's Razor?
| mattgreg wrote:
| Good question. It's a nested reference. I named the company
| Ockam as a tribute to a company that a mentor of mine built
| and ran in the 70's - 2000's. He named his company after
| Occam's Razor.
|
| The full story:
| https://www.ockam.io/blog/whats_behind_the_ockam_name
| aliqot wrote:
| So how did you end up fixing the networked devices issue?
| [deleted]
| gz5 wrote:
| Looks good, Matt, and thanks for open source and SaaS
| flexibility. Can you add to or correct the comparisons to
| OpenZiti and Wireguard to help us frame the sweet spot for
| Ockam?
|
| OpenZiti
|
| In common: mTLS w/ built in PKI mgmt; attribute based access
| control; SDKs to embed in apps.
|
| Different: OpenZiti includes the network overlay as well. Ockam
| add-ons may target other use cases?
|
| Wireguard
|
| In common: E2E encryption; hosted SaaS avail
|
| Different: UDP hole punching; network-level segmentation; no
| mTLS; no app embed
| mwadhwa wrote:
| Great question!
|
| I led the design of Ockam. I am somewhat familiar with
| WireGuard and not at all familiar with OpenZiti. All tools
| that are helping us build applications that have much, much
| smaller vulnerability surfaces are awesome!!
|
| Some things that you can do with Ockam:
|
| 1. Create Noise-based secure channels over all sorts of
| multi-hop, multi-protocol network topologies - TCP <> TCP, or
| TCP <> TCP <> TCP, or UDP <> Kafka <> TCP, or Bluetooth <>
| TCP <> TCP etc.
|
| 2. Move end-to-end encrypted data through Kafka, RabbitMQ,
| and other messaging and streaming systems.
|
| 3. Run on small embedded devices (Rust no_std) or run on
| large servers.
|
| 5. Encrypted Relays through Ockam Orchestrator. UDP hole
| puncturing coming soon.
|
| 6. Store keys and run cryptography in hardware or in cloud
| KMS.
|
| 7. Plug into enterprise Identity Providers and Policy
| Providers and enforce Attribute based access control
| policies.
|
| 8. Operate very lightweight credential authorities
|
| 9. Scale Enrollment Protocols, Credentials
| rotation/revocation etc.
|
| and more.
___________________________________________________________________
(page generated 2022-09-30 23:00 UTC)