Galène videoconferencing server discussion list archives
 help / color / mirror / Atom feed
From: "Toke Høiland-Jørgensen" <toke@toke.dk>
To: Dave Taht <dave.taht@gmail.com>, Juliusz Chroboczek <jch@irif.fr>
Cc: "Michael Ströder" <michael@stroeder.com>, galene@lists.galene.org
Subject: [Galene]  Re: Heads up: Galène generates self-signed certificates
Date: Wed, 24 Feb 2021 22:55:10 +0100	[thread overview]
Message-ID: <8735xl2ksh.fsf@toke.dk> (raw)
In-Reply-To: <CAA93jw4U7wCKRyCv9WzqZTN_4SyrzFSuSARkJKPaK2EpT3K9sg@mail.gmail.com>

Dave Taht <dave.taht@gmail.com> writes:

> Several notes.
>
> I strongly agree with being able to generate a self signed cert.
> Especially if you are operating a server that is off the internet,
> it's difficult to get a cert via let's encrypt,
> and asking folk to run the openssl command line is just asking for trouble.
>
> The CA authority argument has always smelt of the old key escrow argument, and
> I vastly prefer to not register some things with any centralized
> authority and explain to potential users that's why it isn't
> registered and that the "invalid cert" thing is misleading.
>
> I however wouldn't mind if that there was a command within galene to
> fire off the lets encrypt facility if a box is on the public internet
> and has working dns. shell out to acme, I think....

Or just use a Go implementation of the ACME protocol:
https://go-acme.github.io/lego/usage/library/

However, since Galene won't persist anything to disk, I'm not sure if
this is actually a good idea; you'd need to get a new cert every time
you restart the daemon, which I'm not sure is a good idea (it will
likely get you throttled, if nothing else).

-Toke

  reply	other threads:[~2021-02-24 21:55 UTC|newest]

Thread overview: 10+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2021-02-24 19:30 [Galene] " Juliusz Chroboczek
2021-02-24 19:47 ` [Galene] " Michael Ströder
2021-02-24 21:16   ` Juliusz Chroboczek
2021-02-24 21:24     ` Juliusz Chroboczek
2021-02-24 21:29       ` Dave Taht
2021-02-24 21:55         ` Toke Høiland-Jørgensen [this message]
2021-02-24 21:57         ` Michael Ströder
2021-02-24 22:25           ` Juliusz Chroboczek
2021-02-24 22:02         ` Juliusz Chroboczek
2021-02-24 21:44     ` Michael Ströder

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

  List information: https://lists.galene.org/postorius/lists/galene.lists.galene.org/

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=8735xl2ksh.fsf@toke.dk \
    --to=toke@toke.dk \
    --cc=dave.taht@gmail.com \
    --cc=galene@lists.galene.org \
    --cc=jch@irif.fr \
    --cc=michael@stroeder.com \
    --subject='[Galene]  Re: Heads up: Galène generates self-signed certificates' \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox