iodide-project / iodide-editor-webextension

A browser extension designed to allow Iodide to communicate with client-side text editors

cert and key files #2

Closed DevinBayly closed 5 years ago

DevinBayly commented 5 years ago

In order for the neovim plugin to actually connect to the browser socket with wss: these files must be created and placed in the /tmp directory of the computer running the external editor. It isn't clear to me whether these are files each user should create or have included in the repo.

DevinBayly commented 5 years ago

For intermediate development I'll be working on my own system with non-secure websockets. In case this sounds like a terrible idea, see the discussion on the popular extension GhostText, which this project is in part based on.

Issue brings up the article on interprocess passwords and security here. I think this issue will only be closed in my mind if Iodide applies for a certificate from a Certificate Authority, but it still seems like a bad call to include something like that in the repository, so it likely won't be version controlled here.

DevinBayly commented 5 years ago

Following the conversation in the other thread some more, it seems like using secrets is a way to get around the issue here of interprocess data interception.

Risk being that not only are text areas in Iodide potentially up for grabs, there's a chance that browser control could execute a command through the editor, as these are more powerful these days and don't simply text edit.

DevinBayly commented 5 years ago

Also trying out using a https://letsencrypt.org/ certificate.

DevinBayly commented 5 years ago

Doesn't seem like a good option for something like a web extension.

DevinBayly commented 5 years ago

Ok, just chatted with a guy who explained that localhost-to-localhost socket communication doesn't have much possibility for security vulnerability. Closing for now.
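The shared-secret idea raised in the thread above, as an added example that is not part of the original issue or the project's code: the editor side creates a per-user token in a private file, and the socket listener accepts a peer only if its first message carries that token. The file name, the `{"secret": ...}` message shape and the function names are assumptions made for illustration, and the token is assumed to reach the browser side out of band.

```python
import hmac
import os
import secrets
import stat
import tempfile

SECRET_NAME = "editor-socket.secret"  # hypothetical file name


def create_secret(directory):
    """Write a fresh random token to a file that only its owner can read."""
    token = secrets.token_urlsafe(32)
    path = os.path.join(directory, SECRET_NAME)
    # O_EXCL fails if another local user pre-created the path (a /tmp hazard).
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w") as handle:
        handle.write(token)
    return path, token


def load_secret(path):
    """Read the token, refusing files other local users could read or own."""
    info = os.stat(path)
    if info.st_uid != os.getuid() or info.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
        raise PermissionError(f"{path} is not private to the current user")
    with open(path) as handle:
        return handle.read().strip()


def accept_first_message(expected, message):
    """Return True only if the peer's first message carries the shared secret."""
    presented = message.get("secret") if isinstance(message, dict) else None
    if not isinstance(presented, str):
        return False
    # Constant-time comparison avoids leaking how many characters matched.
    return hmac.compare_digest(presented.encode(), expected.encode())


def demo():
    """Run both sides over constructed messages; no real socket is opened."""
    with tempfile.TemporaryDirectory() as private_dir:  # created with mode 0700
        path, _ = create_secret(private_dir)
        expected = load_secret(path)
        good = accept_first_message(expected, {"secret": expected, "text": "x = 1"})
        bad = accept_first_message(expected, {"secret": "guess", "text": "x = 1"})
        missing = accept_first_message(expected, {"text": "x = 1"})
    return good, bad, missing


if __name__ == "__main__":
    print(demo())
```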