AW: Web Key Service server lookup

Peter Lebbing peter at
Tue Nov 1 16:14:00 CET 2016

On 01/11/16 12:49, Jürgen Schäpker wrote:
> Another potential issue in the draft: the domain-part seems to be taken from
> the request URL. In a number of hosting configurations, e.g. via reverse
> proxy, the request URL might by default be rewritten (though in some
> configurations it might be recoverable from X-Forwarded-Host header). In case
> the original requester host cannot be determined, this would create potential
> collisions on WKDs answering for multiple domains, e.g. it couldn't discern
> the hashes for joe at and joe at

So this is a webserver that serves the exact same for any request for the site
at and the site at and this is not an explicit
decision by the admin but a consequence of limitations of the setup? Sounds
esoteric enough to ignore to me.

My 2 cents,


I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <>

More information about the Gnupg-devel mailing list