i want to make a p2p thing
and i want to be able to make a browser version
but i don't want nodes to need domain names to participate
WebTransport fixes this (it has a serverCertificateHashes thing that lets JS code whitelist some certificates) but it requires that self-signed certificates be valid for 14 days or less
so naturally the solution is to make a deterministic function generateCert(serverName, date) [1] and run it on both the server and the client with a rounded version of the current date so they both get the same result (the client calculates the previous and next ones too to account for clock skew)
this is janky as hell and makes the TLS useless, but it works :D
[1] in Rust, compiled to WebAssembly for the browser, of course
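
An added sketch of the date-rounding side of the scheme above, not the post author's code. The 10-day period, the 1-day padding and the certHash callback (standing in for a SHA-256 over the DER output of generateCert) are assumptions; the padding is there because the browser also checks the certificate's validity window against its own clock.

```javascript
// Added sketch, not the post author's code. PERIOD_MS and PAD_MS are assumed values.
const DAY_MS = 24 * 60 * 60 * 1000;
const PERIOD_MS = 10 * DAY_MS;       // assumed step used to round the current date
const PAD_MS = 1 * DAY_MS;           // assumed slack on each side for clock skew
const MAX_VALIDITY_MS = 14 * DAY_MS; // limit stated in the post

// Round a timestamp down to a period index; server and client both compute this.
function periodIndex(nowMs) {
  return Math.floor(nowMs / PERIOD_MS);
}

// Validity window of the certificate for period k. It is padded so a client
// whose clock is slightly off still sees the certificate as currently valid.
function validityFor(k) {
  const notBefore = k * PERIOD_MS - PAD_MS;
  const notAfter = (k + 1) * PERIOD_MS + PAD_MS;
  if (notAfter - notBefore > MAX_VALIDITY_MS) {
    throw new RangeError("validity window exceeds the 14-day limit");
  }
  return { notBefore, notAfter };
}

// Client side: the previous, current and next periods, as the post describes.
function candidatePeriods(clientNowMs) {
  const k = periodIndex(clientNowMs);
  return [k - 1, k, k + 1];
}

// Options object for `new WebTransport(url, options)`.
// certHash(serverName, notBefore, notAfter) is a hypothetical callback that
// returns the SHA-256 of the deterministic certificate as a BufferSource.
function webTransportOptions(serverName, clientNowMs, certHash) {
  return {
    serverCertificateHashes: candidatePeriods(clientNowMs).map((k) => {
      const { notBefore, notAfter } = validityFor(k);
      return { algorithm: "sha-256", value: certHash(serverName, notBefore, notAfter) };
    }),
  };
}

// Model check: would a client at clientNowMs pin and accept the certificate
// a server at serverNowMs is presenting?
function clientAccepts(serverNowMs, clientNowMs) {
  const k = periodIndex(serverNowMs);
  const { notBefore, notAfter } = validityFor(k);
  return candidatePeriods(clientNowMs).includes(k) &&
    notBefore <= clientNowMs && clientNowMs <= notAfter;
}
```

With these assumed values each certificate is valid for 12 days, and a peer whose clock is off by more than the padding near a period boundary fails the validity check even though the hash is in the list.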