WKD for separate email hosting? (Is: Web Key Service server lookup)

Bernhard Reiter bernhard at intevation.de
Wed Nov 2 10:31:30 CET 2016


On Tuesday 01 November 2016 12:49:59, Jürgen Schäpker wrote:
> >However the problem is that we'd need a TLS certificate for the subdomain.
> >That is even harder than getting a TLS cert for the example.org domain,
> >so it does not seem to be a good solution.
> I would think this is usually solved by wildcard certificates.

The whole benefit of using a standard second domain name like
pubkeys.example.org would be that that can be hosted on a second
domain. And for email-only hosters that the server behind this second domain
can serve many second domains, e.g.

As example.org owner I would need to get "*.example.org" and transfer the
private keys of the cert to my email hoster. And the owner of example.com
needs to do the same. Then a technique such as SNI has to be applied to
the one IP address for the server to serve both certs and the DNS entries
have to be made.

This looks more complicated on the one side than to let the https server on
https://example.org proxy to my mail provider's server over TLS and deliver
the result.

Best Regards,

www.intevation.de/~bernhard   +49 541 33 508 3-3
Intevation GmbH, Osnabrück, DE; Amtsgericht Osnabrück, HRB 18998
Managing Directors: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner
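
The proxy option described in the message above, as an added example that is not part of the original post or of GnuPG: the routing decision a domain's own web server would make before forwarding a key lookup to the mail hoster over TLS. The hoster URL, the set of hosted domains and the per-domain path layout on the hoster are assumptions for illustration; the `/.well-known/openpgpkey/hu/<hash>` lookup path is the one defined in the Web Key Directory draft.

```python
import re
import urllib.request

# Assumed values for illustration: the hoster's base URL and the customer
# domains it serves are hypothetical, not taken from the thread.
HOSTER_BASE = "https://wkd.mailhoster.example"
HOSTED_DOMAINS = {"example.org", "example.com"}

# A WKD lookup is GET /.well-known/openpgpkey/hu/<32 z-base32 characters>.
ZBASE32 = "ybndrfg8ejkmcpqxot1uwisza345h769"
WKD_PATH = re.compile(r"/\.well-known/openpgpkey/hu/([%s]{32})" % ZBASE32)


def upstream_url(host, path):
    """Map a request seen by the domain's own web server to the hoster URL.

    Returns None for anything that is not a well-formed WKD lookup for a
    hosted domain, so the proxy never forwards arbitrary paths.
    """
    domain = host.lower().split(":")[0].rstrip(".")
    if domain not in HOSTED_DOMAINS:
        return None
    # The query string is dropped and not forwarded in this sketch.
    match = WKD_PATH.fullmatch(path.split("?", 1)[0])
    if match is None:
        return None
    # One hoster server tells customers apart by a path component (assumed
    # layout), so it needs no certificate or private key for their domains.
    return "%s/%s/hu/%s" % (HOSTER_BASE, domain, match.group(1))


def fetch_key(host, path, timeout=10):
    """Fetch the key from the hoster over TLS; None if the request is refused."""
    url = upstream_url(host, path)
    if url is None:
        return None
    # urlopen verifies the hoster's certificate against the system trust store.
    with urllib.request.urlopen(url, timeout=timeout) as resp:
        return resp.read()
```

Only the hoster's own certificate is involved on the upstream leg, so no private key for example.org or example.com leaves its owner.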

More information about the Gnupg-devel mailing list