Support encryption for the kernel protocol over ZMQ

[davidbrochart]

Kernel messages are currently signed, preventing e.g. from running code that doesn't originate from a trusted source, but the code of an execution request is still sent unencrypted over the wire. Even if it's bad practice, passwords or sensitive information could be intercepted.
Would it make sense to support encryption for the kernel protocol over ZMQ? I'm thinking about remote kernels that wouldn't run on the same machine as the Jupyter server.

[minrk]

I implemented this in ipyparallel and pre-proposed a JEP: jupyter/enhancement-proposals#75 . I didn't go all the way to a JEP yet, because almost all of the work is in the transition / backward-compatibility, not the implementation itself.

It's definitely doable and I think a good idea. I do think using zmq's CURVE is the way to go, and not defining our own encryption standards.

[davidbrochart]

Thanks for the references @minrk, good to know that you already implemented it in ipyparallel. Looking forward to the JEP!