Geminispace is (currently) small enough that we can afford to download all known capsules' TLS certificates and use them to generate trust stores for various Gemini clients. If verified via multiple network perspectives, using a pre-generated trust store is a major improvement over blindly trusting-on-first-use.
1. [All TLS certificates](certs/) of capsules listed on [geminispace.info](gemini://geminispace.info/known-hosts) and [Lupa](gemini://gemini.bortzmeyer.org/software/lupa/lupa-capsules.txt), updated about once per week. This gives us a history of certificates in Geminispace, starting in 2021-04-27.
2. A table containing details about each certificate ([markdown](cert-details.md) and [CSV](cert-details.csv)).
3. Trust stores for various Gemini clients, currently:
* [Agunua](agunua/)
* [Amfora](amfora/)
* [Lagrange](lagrange/)
You can find instructions on how to use them in their respective directories.
The scripts used to generate these files are available [here](https://tildegit.org/nervuri/trust-store-generators). The Tor option is used, so [most](log-stderr) certificates are attested to from at least two network perspectives.
All commits are signed with [this GPG key](https://nervuri.net/keys/) (B769BD004A417E3A5A902DD1C4769EEA7BA61672).
You don't need to trust that I am publishing the correct certificates. [The scripts](https://tildegit.org/nervuri/trust-store-generators) should be easy to understand; I encourage you to run them yourselves and generate these files from your own network perspectives. If the results don't coincide with what I've published, please [let me know](https://nervuri.net/contact).
## How to contribute
The project is hosted [at tildegit.org](https://tildegit.org/nervuri/trust-stores). If you don't want to make an account, just [shoot me an email](https://nervuri.net/contact) with your [patch](https://git-send-email.io/)/suggestion/bug report/whatever else.
