[HN Gopher] Tessera - a consent-gated tunnel that's blind to you...
___________________________________________________________________
Tessera - a consent-gated tunnel that's blind to your traffic
Author : emmanuelkimaswa
Score : 16 points
Date : 2026-06-10 12:59 UTC (3 days ago)
HTML web link (github.com)
| emmanuelkimaswa wrote:
| Tessera is the ten-minute version of remote access: let a
| teammate reach a service on your machine for one debugging
| session, then leave nothing behind. No VPN, no static credential,
| no port left open.
|
| It's consent-gated. The tunnel doesn't exist until you type "y"
| at your terminal, and the coordinator in the middle is a dumb
| pipe. A second, end-to-end TLS handshake runs between the two
| ends, and the CA's private key never leaves the host, so the
| broker can't impersonate either side or read the payload. Every
| approval and denial lands in an append-only audit log.
|
| It's pre-1.0 with no independent security review yet, so I
| wouldn't guard anything sensitive with it. Happy to dig into the
| design in the comments, especially the trust model and the
| metadata it does still leak.
| good-idea wrote:
| This looks great. I've been building some local-first software
| and trying to think of low-lift ways for people to connect
| instances with each other - I look forward to trying this out.
___________________________________________________________________
(page generated 2026-06-14 02:02 UTC)