
If you are doing automatic connections to peers on a local network, you probably want to be using TLS these days.

Using TLS generally requires a CN to validate. But you can use self-signed certs and TOFU (Trust on First Use) in some cases.

Doing that requires generating keys. And generating keys requires using something like openssl. And learning openssl is a pain in the ass.

So I made a helper to asynchronously generate a GTlsCertificate for use in your glib/gtk apps.


Federico Mena Quintero @federicomena

@hergertme typedef GTlsCertificate GLetsEncrypt perhaps?

Seriously, this is *very* cool. Thanks for tying up loose ends, as ever :)


@federicomena I rather like the SSH TOFU design for services on my local network. Is this you? Yes, move on.

@federicomena I think the practical step as part of doing this well might be pairing code à la bluetooth (maybe using real words though) on both sides.

Match? Good, great, grand.

@hergertme yes, that would be extra nice. For example, @juanlibres wanted something like that for the setup phase of his spirulina sensors. Get a sensor gadget - plug it to your home net - how do you pair it with the data collection server?

@federicomena @hergertme nice! I've been using CurveCP & NaCl, via curvemq.org, for point-to-point encryption, and github.com/zeromq/zyre for peer-to-peer auto-discovery. The rfc for zyre is a neat place for ideas, I'd say. rfc.zeromq.org/spec:36/ZRE/
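
The TOFU check and the word-based pairing code discussed in this thread, as an added example that is not part of any post and not the helper's own code. `TofuStore`, `pairing_code`, the word list and the sample certificate bytes are all hypothetical and constructed here; real input would be the DER bytes of each peer's self-signed certificate.

```python
import hashlib
import hmac

# Constructed 16-word list; both peers must ship the same list.
WORDS = ["amber", "birch", "cedar", "delta", "ember", "flint", "grove", "harbor",
         "iris", "juniper", "kelp", "lotus", "maple", "nectar", "onyx", "pebble"]


def fingerprint(cert_der: bytes) -> str:
    """SHA-256 over the DER encoding of a certificate, as hex."""
    return hashlib.sha256(cert_der).hexdigest()


class TofuStore:
    """Hypothetical in-memory pin store: peer id -> pinned fingerprint."""

    def __init__(self):
        self.pins = {}

    def check(self, peer_id: str, cert_der: bytes) -> str:
        pinned = self.pins.get(peer_id)
        if pinned is None:
            return "unknown"      # first contact: ask the user before pinning
        if hmac.compare_digest(pinned, fingerprint(cert_der)):
            return "trusted"      # same key as on first use
        return "mismatch"         # key changed: refuse, never silently re-pin

    def pin(self, peer_id: str, cert_der: bytes) -> None:
        if peer_id in self.pins:
            raise ValueError("peer already pinned; remove the old pin explicitly")
        self.pins[peer_id] = fingerprint(cert_der)


def pairing_code(cert_a: bytes, cert_b: bytes, n_words: int = 4) -> str:
    """Words both sides can display and compare before pinning each other."""
    # Sort the two digests so both peers compute the same code.
    parts = sorted(hashlib.sha256(c).digest() for c in (cert_a, cert_b))
    digest = hashlib.sha256(b"".join(parts)).digest()
    # Each word carries 4 bits; 4 words is only 16 bits, chosen for readability.
    return "-".join(WORDS[b % 16] for b in digest[:n_words])


if __name__ == "__main__":
    sensor, server = b"constructed-sensor-cert", b"constructed-server-cert"
    store = TofuStore()
    print(store.check("sensor-1", sensor), pairing_code(sensor, server))
    store.pin("sensor-1", sensor)
    print(store.check("sensor-1", sensor), store.check("sensor-1", b"other-cert"))
```

A deployment would persist the pins and use a longer code or a larger word list, since a 16-bit comparison string leaves little margin.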