If you are doing automatic connections to peers on a local network, you probably want to be using TLS these days.

Using TLS generally requires a CN to validate. But you can use self-signed certs and TOFU (Trust on First Use) in some cases.

Doing that requires generating keys. And generating keys requires using something like openssl. And learning openssl is a pain in the ass.

So I made a helper to asynchronously generate a GTlsCertificate for use in your glib/gtk apps.


@hergertme typedef GTlsCertificate GLetsEncrypt perhaps?

Seriously, this is *very* cool. Thanks for tying up loose ends, as ever :)

@federicomena I rather like the SSH TOFU design for services on my local network. Is this you? Yes, move on.

Christian Hergert

@federicomena I think the practical step as part of doing this well might be pairing code à la bluetooth (maybe using real words though) on both sides.

Match? Good, great, grand.

@hergertme yes, that would be extra nice. For example, @juanlibres wanted something like that for the setup phase of his spirulina sensors. Get a sensor gadget - plug it into your home net - how do you pair it with the data collection server?

@federicomena @hergertme nice! I've been using CurveCP & NaCl, via curvemq.org, for point-to-point encryption, and github.com/zeromq/zyre for peer-to-peer auto-discovery. The rfc for zyre is a neat place for ideas, I'd say. rfc.zeromq.org/spec:36/ZRE/
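The TOFU flow and word-based pairing code discussed in this thread, as an added sketch that is not code from any of the posters or from GLib. The `TofuStore` class, the word list and the peer names are hypothetical; the certificate is assumed to be available as DER bytes.

```python
import hashlib
import hmac

# 16-entry word list, constructed for this example (one word per hex nibble).
WORDS = ["apple", "brick", "cloud", "delta", "ember", "flint", "grove", "harbor",
         "ivory", "jolly", "kite", "lemon", "maple", "nickel", "olive", "pearl"]


def fingerprint(cert_der: bytes) -> str:
    """SHA-256 over the DER-encoded certificate, hex encoded."""
    return hashlib.sha256(cert_der).hexdigest()


def pairing_code(cert_der: bytes, n_words: int = 6) -> str:
    """Turn the leading fingerprint nibbles into words both sides can compare.

    Six words from a 16-word list carry only 24 bits; a real deployment would
    use a larger list or more words.
    """
    fp = fingerprint(cert_der)
    return "-".join(WORDS[int(nibble, 16)] for nibble in fp[:n_words])


class TofuStore:
    """Pins one certificate fingerprint per peer identifier (hypothetical helper)."""

    def __init__(self) -> None:
        self.pins: dict[str, str] = {}

    def check(self, peer_id: str, cert_der: bytes) -> str:
        pinned = self.pins.get(peer_id)
        if pinned is None:
            # First contact: show pairing_code() on both devices before pinning.
            return "unknown"
        if hmac.compare_digest(pinned, fingerprint(cert_der)):
            return "match"
        # Same peer name, different key: refuse the connection and alert.
        return "mismatch"

    def pin(self, peer_id: str, cert_der: bytes) -> None:
        """Record the fingerprint once the user has confirmed the pairing code."""
        if peer_id in self.pins:
            raise ValueError(f"{peer_id} is already pinned; re-pairing must be explicit")
        self.pins[peer_id] = fingerprint(cert_der)


# Constructed stand-ins for DER certificate bytes, not real certificates.
CERT_A = b"constructed-der-bytes-for-sensor-key-A"
CERT_B = b"constructed-der-bytes-for-other-key-B"
```

Keeping `check` and `pin` separate means a certificate is never trusted silently on first contact: the pin is written only after the codes shown on both devices have been compared.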
