"The NULL mechanism provides no security credentials but allows a server to filter bogus clients on the basis of IP address."
I don't think we should provide the NULL mechanism as an option. There are better ways to do IP filtering. I also don't like that NULL provides encryption without authentication. I think there should be at most two options:
Encryption and authentication via the CURVE mechanism
No encryption and no authentication via the --developer-mode (or some other explicit parameter like --no-encryption or --no-security)
And it looks like we want to drop that second option anyway (see #835).
According to https://rfc.zeromq.org/spec:27/ZAP:
"The NULL mechanism provides no security credentials but allows a server to filter bogus clients on the basis of IP address."
I don't think we should provide the NULL mechanism as an option. There are better ways to do IP filtering. I also don't like that NULL provides encryption without authentication. I think there should be at most two options:
--developer-mode
(or some other explicit parameter like--no-encryption
or--no-security
)And it looks like we want to drop that second option anyway (see #835).
Also see #541.