[Freedombox-discuss] [Freedom Box] Finding your FB box on the network

[Jonas Smedegaard]

On Fri, Oct 15, 2010 at 10:15:09AM +0200, Christian Brædstrup wrote:
>Googled it and found the first website that looked good:
>http://esw.w3.org/WebID
>I will take a look at the links above. I agree with you that webID 
>would be a great feature but before having tryed to set it up my self I 
>don't know how easy it is.

Investigated some more, and SSL certificates are a mess!

OpenSSL is weird to work with.

Gnutls "certtool" is much simpler, but only supports dns and email URNs 
as AltName, not uri which WebID uses to add a FOAF hint.  Underlying 
code supports it: GNUTLS_SAN_URI.

Task: Write a tiny command-line tool to generate a WebID certificate 
using gnutls. Perhaps using python-gnutls (already in Debian).


What is needed at bootup time is really not a WebID but just *any* 
client-side certificate.  So letøs not let the magic word WebID stall 
progress in other parts: Just generate a plain old classic self-signed 
certificate for testing purposes, and we'll deal with it separately to 
generate ones with that additional FOAF hint (or not, if we decide that 
FOAF is evil or whatever).


The simplest way I have found to create a self-signed client-side 
certificate is to aptitude install gnutls-bin, and follow the few 
example commands at the bottom of certtool manpage.



Possibly related: libepc (packaged for Debian) uses GnuTLS and Avahi to 
securely discover, publish and exchange data on a local network.  
Apparently no binding for scripting languages yet, though.

-- 
  * Jonas Smedegaard - idealist & Internet-arkitekt
  * Tlf.: +45 40843136  Website: http://dr.jones.dk/

  [x] quote me freely  [ ] ask before reusing  [ ] keep private
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 836 bytes
Desc: Digital signature
URL: <http://lists.alioth.debian.org/pipermail/freedombox-discuss/attachments/20101015/34bc2627/attachment.pgp>