Christian Hergert @hergertme

If you are doing automatic connections to peers on a local network, you probably want to be using TLS these days.

Using TLS generally requires a CN to validate. But you can use self-signed certs and TOFU (Trust on First Use) in some cases.

Doing that requires generating keys. And generating keys requires using something like openssl. And learning openssl is a pain in the ass.

So I made a helper to asynchronously generate a GTlsCertificate for use in your glib/gtk apps.


@hergertme typedef GTlsCertificate GLetsEncrypt perhaps?

Seriously, this is *very* cool. Thanks for tying up loose ends, as ever :)

@federicomena I rather like the SSH TOFU design for services on my local network. Is this you? Yes, move on.

@federicomena I think the practical step as part of doing this well might be pairing code à la bluetooth (maybe using real words though) on both sides.

Match? Good, great, grand.
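
The TOFU pinning and word-based pairing code discussed in the posts above, as an added example that is not from the thread or from the helper it mentions. It is written in Python rather than GLib, and `TofuStore`, `pairing_code`, the word list and the certificate bytes are all constructed for illustration.

```python
import hashlib
import hmac

# Constructed 16-word list: each word encodes 4 bits of the pairing code.
WORDS = ["apple", "brick", "cloud", "delta", "ember", "flint", "grape", "hazel",
         "ivory", "joker", "koala", "lemon", "maple", "north", "olive", "pearl"]


def fingerprint(cert_der: bytes) -> str:
    """SHA-256 of the DER-encoded certificate, as hex."""
    return hashlib.sha256(cert_der).hexdigest()


def pairing_code(cert_a: bytes, cert_b: bytes, words: int = 5) -> str:
    """Words both peers display so a human can compare them.

    Fingerprints are sorted so both sides derive the same code. A code this
    short is derived from public values only, so it is a convenience check:
    compare full fingerprints where stronger assurance is needed.
    """
    fps = sorted([fingerprint(cert_a), fingerprint(cert_b)])
    digest = hashlib.sha256("|".join(fps).encode()).digest()
    nibbles = []
    for byte in digest:
        nibbles += [byte >> 4, byte & 0x0F]
    return "-".join(WORDS[n] for n in nibbles[:words])


class TofuStore:
    """Pins the first certificate accepted per peer (in-memory, hypothetical)."""

    def __init__(self):
        self.pins = {}

    def check(self, peer_id: str, cert_der: bytes) -> str:
        pinned = self.pins.get(peer_id)
        if pinned is None:
            return "unknown"    # first use: confirm the pairing code, then pin()
        if hmac.compare_digest(pinned, fingerprint(cert_der)):
            return "trusted"
        return "mismatch"       # certificate changed: refuse, never re-pin silently

    def pin(self, peer_id: str, cert_der: bytes) -> None:
        if peer_id in self.pins:
            raise ValueError("peer already pinned; remove the old pin explicitly")
        self.pins[peer_id] = fingerprint(cert_der)


# Constructed stand-ins for DER certificate bytes.
SENSOR_CERT, SERVER_CERT, ROGUE_CERT = b"der-sensor", b"der-server", b"der-rogue"
```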

@hergertme yes, that would be extra nice. For example, @juanlibres wanted something like that for the setup phase of his spirulina sensors. Get a sensor gadget - plug it to your home net - how do you pair it with the data collection server.

@federicomena @hergertme nice! I've been using CurveCP & NaCl, via, for point-to-point encryption, and for peer-to-peer auto-discovery. The rfc for zyre is a neat place for ideas, I'd say.