WKD for separate email hosting? (Is: Web Key Service server lookup)
bernhard at intevation.de
Wed Nov 2 10:31:30 CET 2016
On Tuesday 01 November 2016 12:49:59 Jürgen Schäpker wrote:
> >However the problem is that we'd need a TLS certificate for the subdomain.
> >That is even harder than getting a TLS cert for the example.org domain,
> >so it does not seem to be a good solution.
> I would think this is usually solved by wildcard certificates.
The whole benefit of using a standard second domain name like
pubkeys.example.org would be that that can be hosted on a second
domain. And for email-only hosters that the server behind this second domain
can serve many second domains, e.g.
As example.org owner I would need to get "*.example.org" and transfer the
private keys of the cert to my email hoster. And the owner of example.com
needs to do the same. Then a technique as SNI has to be applied to
the one IP address for the server to serve both certs and the DNS entries
have to be made.
This looks more complicated on the onside than to let the https server on
https://example.org proxy to my mailprovider's server over TLS and deliver
www.intevation.de/~bernhard +49 541 33 508 3-3
Intevation GmbH, Osnabrück, DE; Amtsgericht Osnabrück, HRB 18998
Geschäftsführer Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner
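
The proxy arrangement this message argues for, sketched as an nginx configuration. It is an added example, not part of the original post; the choice of nginx, the upstream name wkd.mailprovider.example, the certificate paths and the use of the Host header to select the hosted domain are all assumptions.

```nginx
# Added example: example.org keeps its own certificate and private key and
# forwards only the Web Key Directory path to the mail provider over TLS.
# Host names and file paths are placeholders (assumptions).
server {
    listen 443 ssl;
    server_name example.org;

    ssl_certificate     /etc/ssl/example.org/fullchain.pem;
    ssl_certificate_key /etc/ssl/example.org/privkey.pem;  # stays on this host

    # WKD lookups arrive under /.well-known/openpgpkey/ (hu/<hash>, policy).
    location /.well-known/openpgpkey/ {
        proxy_pass https://wkd.mailprovider.example;

        # nginx does not verify upstream certificates unless told to;
        # without this the TLS hop to the provider is unauthenticated.
        proxy_ssl_verify              on;
        proxy_ssl_verify_depth        2;
        proxy_ssl_trusted_certificate /etc/ssl/certs/ca-certificates.crt;

        # Send SNI and check the certificate against the provider's own name.
        proxy_ssl_server_name         on;
        proxy_ssl_name                wkd.mailprovider.example;

        # Assumption: the provider picks the hosted domain from the Host header.
        proxy_set_header Host example.org;

        # Key lookups are read-only; refuse everything except GET/HEAD.
        limit_except GET { deny all; }
    }
}
```

In this layout the provider needs a certificate only for its own host name, so no wildcard certificate or private key for example.org has to be transferred to it.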