WKD for separate email hosting? (Is: Web Key Service server lookup)
Bernhard Reiter
bernhard at intevation.de
Wed Nov 2 10:31:30 CET 2016
Hi,
On Tuesday, 01 November 2016 12:49:59, Jürgen Schäpker wrote:
> >However the problem is that we'd need a TLS certificate for the subdomain.
> >That is even harder than getting a TLS cert for the example.org domain,
> >so it does not seem to be a good solution.
>
> I would think this is usually solved by wildcard certificates.
The whole benefit of using a standard second domain name like
pubkeys.example.org would be that that can be hosted on a second
domain. And for email-only hosters that the server behind this second domain
can serve many second domains, e.g.
pubkeys.example.org
and
pubkeys.example.com
As example.org owner I would need to get "*.example.org" and transfer the
private keys of the cert to my email hoster. And the owner of example.com
needs to do the same. Then a technique such as SNI has to be applied to
the one IP address for the server to serve both certs and the DNS entries
have to be made.
This looks more complicated on the onside than to let the https server on
https://example.org proxy to my mailprovider's server over TLS and deliver
the result.
Best Regards,
Bernhard
--
www.intevation.de/~bernhard +49 541 33 508 3-3
Intevation GmbH, Osnabrück, DE; Amtsgericht Osnabrück, HRB 18998
Managing Directors: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner
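
The proxy alternative described in the message above, sketched as an nginx configuration for the web server on https://example.org. This is an added example, not part of the original post; the upstream host name wkd.mailhoster.example, the per-domain path layout on the hoster and all file paths are assumptions.

```nginx
# Added example: example.org's own web server relays key lookups to the
# mail hoster over TLS. "wkd.mailhoster.example" and the file paths are
# placeholders, not values from the thread.
server {
    listen 443 ssl;
    server_name example.org;

    # The certificate and private key for example.org stay on this server;
    # nothing has to be transferred to the mail hoster.
    ssl_certificate     /etc/ssl/example.org/fullchain.pem;
    ssl_certificate_key /etc/ssl/example.org/privkey.pem;

    # Relay only the Web Key Directory tree, nothing else on the site.
    location /.well-known/openpgpkey/ {
        # Key lookups are read-only (allowing GET also allows HEAD).
        limit_except GET { deny all; }

        # Assumed hoster layout: one directory per customer domain, so
        # /.well-known/openpgpkey/hu/<hash> becomes /example.org/hu/<hash>.
        proxy_pass https://wkd.mailhoster.example/example.org/;

        # nginx does not verify the upstream certificate by default.
        # Without these lines the hop to the hoster is encrypted but
        # unauthenticated, and a man in the middle could substitute keys.
        proxy_ssl_verify              on;
        proxy_ssl_verify_depth        2;
        proxy_ssl_trusted_certificate /etc/ssl/certs/ca-certificates.crt;

        # Send SNI so a hoster serving many names on one IP address
        # presents the right certificate.
        proxy_ssl_server_name on;
        proxy_ssl_name        wkd.mailhoster.example;
        proxy_ssl_protocols   TLSv1.2 TLSv1.3;

        # Do not forward visitors' cookies or credentials to a third party.
        proxy_set_header Cookie        "";
        proxy_set_header Authorization "";
    }
}
```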