If you are doing automatic connections to peers on a local network, you probably want to be using TLS these days.

Using TLS generally requires a CN to validate. But you can use self-signed certs and TOFU (Trust on First Use) in some cases.

Doing that requires generating keys. And generating keys requires using something like openssl. And learning openssl is a pain in the ass.

So I made a helper to asynchronously generate a GTlsCertificate for use in your glib/gtk apps.


@hergertme typedef GTlsCertificate GLetsEncrypt perhaps?

Seriously, this is *very* cool. Thanks for tying up loose ends, as ever :)

@federicomena I rather like the SSH TOFU design for services on my local network. Is this you? Yes, move on.

@federicomena I think the practical step as part of doing this well might be pairing code à la bluetooth (maybe using real words though) on both sides.

Match? Good, great, grand.
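
The TOFU pinning and pairing-code comparison discussed in the posts above, as an added example that is not from the thread or from the helper it mentions. `TofuStore`, `pairing_code` and the JSON pin file are hypothetical names, the code is numeric rather than words, and the caller is assumed to pass the peer certificate's DER bytes taken from the TLS handshake.

```python
import hashlib
import hmac
import json
import os

def fingerprint(cert_der: bytes) -> str:
    """Full SHA-256 of the DER certificate; this is what gets pinned."""
    return hashlib.sha256(cert_der).hexdigest()

def pairing_code(cert_der: bytes) -> str:
    """Six-digit code for a human to compare on both devices.
    It keeps only ~20 bits of the hash, so it confirms a pairing
    but never replaces the full pinned fingerprint."""
    digest = hashlib.sha256(cert_der).digest()
    return f"{int.from_bytes(digest[:4], 'big') % 1_000_000:06d}"

class TofuStore:
    """Hypothetical pin store: peer name -> certificate fingerprint."""

    def __init__(self, path: str):
        self.path = path
        self.pins = {}
        if os.path.exists(path):
            with open(path) as f:
                self.pins = json.load(f)

    def check(self, peer: str, cert_der: bytes, confirm=None) -> str:
        fp = fingerprint(cert_der)
        pinned = self.pins.get(peer)
        if pinned is None:
            # First contact: optionally ask the user to compare codes.
            if confirm is not None and not confirm(pairing_code(cert_der)):
                return "rejected"
            self.pins[peer] = fp
            self._save()
            return "first-use"
        # Known peer: any change of certificate is a hard failure.
        return "match" if hmac.compare_digest(pinned, fp) else "mismatch"

    def _save(self) -> None:
        tmp = self.path + ".tmp"
        with open(tmp, "w") as f:
            json.dump(self.pins, f)
        os.replace(tmp, self.path)  # atomic swap, no half-written pin file
```

A `"mismatch"` result should close the connection and surface the change to the user instead of silently re-pinning.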

Federico Mena Quintero

@hergertme yes, that would be extra nice. For example, @juanlibres wanted something like that for the setup phase of his spirulina sensors. Get a sensor gadget - plug it to your home net - how do you pair it with the data collection server.

@federicomena @hergertme nice! I've been using CurveCP & NaCl, via curvemq.org, for point-to-point encryption, and github.com/zeromq/zyre for peer-to-peer auto-discovery. The rfc for zyre is a neat place for ideas, I'd say. rfc.zeromq.org/spec:36/ZRE/
