Geminispace is (currently) small enough that we can afford to download all known capsules' TLS certificates and use them to generate trust stores for Gemini clients. If verified via multiple network perspectives, using a pre-generated trust store is a major improvement over blindly trusting-on-first-use.

I wrote a set of shell scripts to do this:
https://tildegit.org/nervuri/trust-store-generators

This is their output (which I will update every few days):
https://tildegit.org/nervuri/trust-stores

The details are in the README files, so I won't repeat myself too much. The idea is:

1. download the list of hosts from gemini://geminispace.info/known-hosts;
2. download those hosts' TLS certificates (and double-check each one via Tor, whenever possible);
3. generate trust stores for various Gemini clients (to start with: Agunua, Amfora and Lagrange).

Contributions are welcome. Requests to add specific clients are also welcome (I don't know which ones are the most popular). Existing scripts (ex: [1]) can be used as templates to add trust stores for more clients.

[1] https://tildegit.org/nervuri/trust-store-generators/src/branch/master/lagrange/generate-trust-store.sh

For each client there are instructions on how to use the generated trust store and merge it with your own (ex: [2]). Merging at the moment is quite simplistic; a mismatch-aware merging method is something I'd like to develop later on.

[2] https://tildegit.org/nervuri/trust-stores/src/branch/master/agunua/INSTRUCTIONS.md

Of course, you don't need to trust that I am publishing the correct certificates and trust stores. The scripts should be easy to understand (if not, tell me - I consider this to be very important), so run them yourselves and check if my results are replicated from your own network perspectives. If your results don't coincide with what I've published, please let me know. And if you decide to run a public repo, tell me about it.
We could set up automatic comparisons of published data to notify us of inconsistencies.

What I hope to see eventually is client developers bundling pre-generated trust stores with their clients. This will go a long way towards addressing TOFU's first-connection problem.

Probably the big issue with this idea is that client developers may not want to bundle, for instance, Let's Encrypt cert fingerprints, as they change every 2-3 months. They may only want to include long-lived (and long-expired) certificates. So, to allow for this, all generator scripts accept certificate expiry boundaries as arguments (see the README).

As a side-effect, this project will give us a history of certificates in Geminispace. And aside from the certificates themselves, we have tables containing details about each certificate, in markdown [3] and CSV [4] formats.

[3] https://tildegit.org/nervuri/trust-stores/src/branch/master/cert-details.md
[4] https://tildegit.org/nervuri/trust-stores/raw/branch/master/cert-details.csv

This project delivers on xq's idea of a distributed trust system [5], because the "certs" directory (containing PEM-encoded certs with filenames corresponding to the host:port [6]) can be freely shared and re-created. The main difference from xq's proposal is that no changes to Gemini clients are required. We don't require the involvement of client developers at all; anyone can write scripts to generate trust stores for any client. Of course, client developers are the ones best suited to write these scripts, so I encourage them especially to contribute and, ideally, to bundle trust stores with their clients (or have a secure, built-in method of downloading a verified Geminispace trust store).

[5] gemini://random-projects.net/blog/2021-03-03-distributed-trust.gemini
[6] https://tildegit.org/nervuri/trust-stores/src/branch/master/certs

P.S. The "certs" directory is currently at 3.4 MB for 839 certificates. It compresses to 560 KB.
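The fetch / fingerprint / compare-perspectives / filter-by-expiry pipeline the post describes, as an added shell example. This is not the trust-store-generators code and not the poster's own scripts; it only illustrates the steps with openssl. Assumptions: Gemini's default port 1965, `torsocks` as the wrapper for the second network perspective, and a hypothetical one-line-per-host trust-store format ("host:port sha256hex") that stands in for whatever a real client expects. The demo at the bottom runs entirely offline on a self-signed certificate it generates itself (constructed sample, not a real capsule's cert).

```shell
#!/bin/sh
# Added example (not the trust-store-generators scripts): one host's
# certificate fetched from two network perspectives, fingerprinted,
# compared, and admitted to a trust store only if it matches and will
# stay valid for at least N more days.
set -eu

# Fetch the leaf cert of host:port as PEM. Gemini uses TLS with SNI, so
# -servername is required. $3 is an optional wrapper such as "torsocks"
# for the second perspective. Needs network; the demo below does not call it.
fetch_cert() {
    host=$1; port=${2:-1965}; wrap=${3:-}
    $wrap openssl s_client -connect "$host:$port" -servername "$host" \
        </dev/null 2>/dev/null | openssl x509
}

# SHA-256 fingerprint of the PEM cert on stdin: lowercase hex, no colons.
fingerprint() {
    openssl x509 -noout -fingerprint -sha256 \
        | cut -d= -f2 | tr -d ':' | tr 'A-F' 'a-f'
}

# Expiry boundary: succeed only if the PEM cert on stdin is still valid
# $1 days from now (openssl -checkend exits 0 when it will NOT expire).
expires_after_days() {
    openssl x509 -noout -checkend $(( $1 * 86400 ))
}

# Emit one trust-store line (hypothetical "host:port fp" format) when the
# direct and Tor perspectives agree; report a mismatch on stderr otherwise.
trust_line() {
    host=$1; port=$2; fp_direct=$3; fp_tor=$4
    if [ "$fp_direct" = "$fp_tor" ]; then
        printf '%s:%s %s\n' "$host" "$port" "$fp_direct"
    else
        printf 'MISMATCH %s:%s direct=%s tor=%s\n' \
            "$host" "$port" "$fp_direct" "$fp_tor" >&2
        return 1
    fi
}

# Constructed sample: a self-signed cert valid for $2 days, written to $1.
make_sample_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -keyout "${1%.pem}.key" \
        -out "$1" -subj /CN=example.invalid -days "$2" >/dev/null 2>&1
}

# Demo (offline): both "perspectives" read the same local sample cert.
tmp=$(mktemp -d)
make_sample_cert "$tmp/cert.pem" 90
fp=$(fingerprint < "$tmp/cert.pem")
if expires_after_days 30 < "$tmp/cert.pem"; then
    trust_line example.invalid 1965 "$fp" "$fp"
fi
rm -rf "$tmp"
```

With real hosts you would run `fetch_cert "$host" 1965 > direct.pem` and `fetch_cert "$host" 1965 torsocks > tor.pem` for every line of the known-hosts list, feed both through `fingerprint`, and only write a `trust_line` for hosts whose two fingerprints agree; the `expires_after_days` threshold is the place to drop short-lived (e.g. Let's Encrypt) certificates that a client developer would not want to bundle.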
---
Next in thread (2 of 15): 🗣️ Anna “CyberTailor” (cyber (a) sysrq.in)