Christian Hergert @hergertme

If you are doing automatic connections to peers on a local network, you probably want to be using TLS these days.

Using TLS generally requires a CN to validate. But you can use self-signed certs and TOFU (Trust on First Use) in some cases.

Doing that requires generating keys. And generating keys requires using something like openssl. And learning openssl is a pain in the ass.

So I made a helper to asynchronously generate a GTlsCertificate for use in your glib/gtk apps.

github.com/chergert/gtls-certi


@hergertme typedef GTlsCertificate GLetsEncrypt perhaps?

Seriously, this is *very* cool. Thanks for tying up loose ends, as ever :)

@federicomena I rather like the SSH TOFU design for services on my local network. Is this you? Yes, move on.

@federicomena I think the practical step as part of doing this well might be a pairing code à la Bluetooth (maybe using real words though) on both sides.

Match? Good, great, grand.
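The TOFU check and the word-based pairing code discussed in the posts above, sketched in Python as an added example (not code from any poster or from the linked helper). The word list, peer ids and certificate bytes are constructed; `cert_der` stands for the peer certificate's DER bytes, and the 16-word list is kept short for space, so each word carries only 4 bits.

```python
import hashlib
import hmac

# Constructed 16-word list (hypothetical); a real list would be far larger
# so that a short code carries more bits of the fingerprint.
WORDS = ["apple", "brick", "cedar", "delta", "ember", "flint", "grove", "harbor",
         "iris", "jade", "kite", "lemon", "maple", "nectar", "olive", "pearl"]


def fingerprint(cert_der: bytes) -> bytes:
    """SHA-256 over the DER-encoded certificate: the value that gets pinned."""
    return hashlib.sha256(cert_der).digest()


def pairing_code(cert_der: bytes, n_words: int = 4) -> str:
    """Render the leading nibbles of the fingerprint as words for humans to compare."""
    nibbles = []
    for byte in fingerprint(cert_der):
        nibbles += [byte >> 4, byte & 0x0F]
    return "-".join(WORDS[n] for n in nibbles[:n_words])


class TofuStore:
    """Remembers the fingerprint first seen for each peer id."""

    def __init__(self):
        self.pins = {}

    def check(self, peer_id: str, cert_der: bytes) -> str:
        fp = fingerprint(cert_der)
        pinned = self.pins.get(peer_id)
        if pinned is None:
            self.pins[peer_id] = fp   # first use: trust and remember
            return "first-use"
        if hmac.compare_digest(pinned, fp):
            return "match"            # "Is this you? Yes, move on."
        return "mismatch"             # certificate changed: refuse, do not re-pin


# Constructed stand-ins for DER certificate bytes (not real certificates).
SENSOR_CERT = b"constructed-der-bytes-for-sensor"
OTHER_CERT = b"constructed-der-bytes-for-someone-else"

if __name__ == "__main__":
    store = TofuStore()
    print(store.check("sensor-1", SENSOR_CERT), pairing_code(SENSOR_CERT))
    print(store.check("sensor-1", SENSOR_CERT))
    print(store.check("sensor-1", OTHER_CERT))
```

Both sides display `pairing_code()` for the certificate seen on the first connection; the pin is only worth keeping if the two codes match.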

@hergertme yes, that would be extra nice. For example, @juanlibres wanted something like that for the setup phase of his spirulina sensors. Get a sensor gadget - plug it to your home net - how do you pair it with the data collection server.

@federicomena @hergertme nice! I've been using CurveCP & NaCl, via curvemq.org, for point-to-point encryption, and github.com/zeromq/zyre for peer-to-peer auto-discovery. The RFC for zyre is a neat place for ideas, I'd say. rfc.zeromq.org/spec:36/ZRE/