bob
Be able to use TLS for the SPAKE2+EE handshake
Currently, even if we ensure that nothing leaks during our handshake, it would be nice to wrap the exchange in TLS. A question remains: how does the relay generate and/or use a certificate (especially for MirageOS), and where should the certificate come from? Many solutions exist:
- use an external unikernel like tlstunnel to redirect the TLS flow to a clear flow
- let our relay handle the TLS protocol by itself
- ask Let's Encrypt to generate our TLS certificate
- generate the certificate ourselves and make information about it public