nervuri
749fe47185
|
||
|---|---|---|
| agunua | ||
| amfora | ||
| certs | ||
| lagrange | ||
| .gitignore | ||
| LICENSE.txt | ||
| README.md | ||
| cert-details.csv | ||
| cert-details.md | ||
| hosts | ||
| log-stderr | ||
| log-stdout | ||
README.md
Gemini Trust Stores
Geminispace is (currently) small enough that we can afford to download all known capsules' TLS certificates and use them to generate trust stores for various Gemini clients. If verified via multiple network perspectives, using a pre-generated trust store is a major improvement over blindly trusting-on-first-use.
This repo contains:
- All TLS certificates of capsules listed in gemini://geminispace.info/known-hosts, updated every few days (no more than a week). This will give us a history of certificates in Geminispace, starting in 2021-04-27.
- A table containing details about each certificate (markdown and CSV).
- Trust stores for various Gemini clients, currently:
You can find instructions on how to use them in their respective directories.
The scripts used to generate these files are available here. The Tor option is used, so most certificates are attested to from at least two network perspectives.
All commits are signed with this GPG key (B769BD004A417E3A5A902DD1C4769EEA7BA61672).
You don't need to trust that I am publishing the correct certificates. The scripts should be easy to understand; I encourage you to run them yourselves and generate these files from your own network perspectives. If the results don't coincide with what I've published, please let me know.
How to contribute
The project is hosted at tildegit.org. If you don't want to make an account, just shoot me an email with your patch/suggestion/bug report/whatever else.