AW: WKD for separate email hosting? (Is: Web Key Service server lookup)

Jürgen Schäpker Juergen.Schaepker at giepa.de
Wed Nov 2 13:12:30 CET 2016


Hi,

>the whole benefit of using a standard second domain name like 
>pubkeys.example.org would be that that can be hosted on a second 
>domain. And for email-only hosters that the server behind this second domain 
>can serve many second domains, e.g.
>   pubkeys.example.org
>and
>  pubkeys.example.com

The big benefit is a much easier setup, or in some cases the only way to set up WKD at all.

>As example.org owner I would need to get "*.example.org" and transfer the
>private keys of the cert to my email hoster. And the owner of example.com
>needs to be do the same. Then a technique as SNI has to be applied to
>the one IP address for the server to serve both certs and the DNS entries
>have to be made.

Your use case seems to be only/primarily Mail Service Providers. 

My concern is for small/medium business entities who don't use an MSP but just their own email server, possibly forwarded and gatewayed through whatever. They should be able to simply use a subdomain if they want to.

Or is the standard by itself only intended for private use?

>This looks more complicated on the one side than to let the https server on 
>https://example.org proxy to my mailprovider's server over TLS and deliver 
>the result.

Many small/medium businesses who use cheap webhosting services have no control over redirection on the server that hosts their example.com. Mail is often routed to a completely different system. The use case here is that they should be able to set up a WKD server easily.

Best regards,
JS
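The lookup the thread is arguing about, as an added example (my code, not from the post or from GnuPG): the WKD name for an address is the z-base-32 encoding of the SHA-1 of the lowercased local part, and the two URL forms below are the "direct" one on the mail domain itself and the subdomain variant the thread proposes. The `subdomain` parameter and the `pubkeys` value are assumptions taken from the thread; the path form `https://<subdomain>.<domain>/.well-known/openpgpkey/<domain>/hu/<hash>` is the one later revisions of the WKD draft adopted as the "advanced method" (with `openpgpkey` as the subdomain name), and it is what lets one hoster serve many customer domains from a single document root. The `Joe.Doe@Example.ORG` vector is the example from the draft.

```python
import hashlib
from urllib.parse import quote

# z-base-32 alphabet (Zooko's variant), the encoding WKD uses for the hashed
# local part of an e-mail address.
ZBASE32_ALPHABET = "ybndrfg8ejkmcpqxot1uwisza345h769"


def zbase32_encode(data: bytes) -> str:
    """Encode bytes as z-base-32: 5-bit groups, most significant bit first,
    last group zero-padded on the right, no padding characters."""
    out = []
    acc = 0     # bit accumulator
    nbits = 0   # number of valid low bits in acc
    for byte in data:
        acc = (acc << 8) | byte
        nbits += 8
        while nbits >= 5:
            nbits -= 5
            out.append(ZBASE32_ALPHABET[(acc >> nbits) & 0x1F])
            acc &= (1 << nbits) - 1   # keep only the not-yet-emitted bits
    if nbits:   # leftover bits: pad with zeros to a full 5-bit group
        out.append(ZBASE32_ALPHABET[(acc << (5 - nbits)) & 0x1F])
    return "".join(out)


def wkd_hash(local_part: str) -> str:
    """WKD 'hu' name: z-base-32(SHA-1(local part with ASCII letters lowercased)).
    20 SHA-1 bytes are 160 bits, i.e. exactly 32 z-base-32 characters."""
    lowered = "".join(c.lower() if "A" <= c <= "Z" else c for c in local_part)
    return zbase32_encode(hashlib.sha1(lowered.encode("utf-8")).digest())


def wkd_urls(email: str, subdomain: str = "openpgpkey") -> dict:
    """Both lookup URLs for an address. 'direct' lives on the mail domain
    itself; 'subdomain' lives on <subdomain>.<domain> and carries the domain
    in the path (subdomain name is an assumption; see lead-in)."""
    local_part, _, domain = email.rpartition("@")
    domain = domain.lower()
    h = wkd_hash(local_part)
    query = "?l=" + quote(local_part, safe="")   # original, un-lowercased local part
    return {
        "direct": f"https://{domain}/.well-known/openpgpkey/hu/{h}{query}",
        "subdomain": (f"https://{subdomain}.{domain}"
                      f"/.well-known/openpgpkey/{domain}/hu/{h}{query}"),
    }


def publish_paths(docroot: str, emails) -> dict:
    """Where a hoster serving several customer domains from one document root
    would have to place each key for the subdomain form (the path is keyed by
    domain, so example.org and example.com do not collide)."""
    paths = {}
    for email in emails:
        local_part, _, domain = email.rpartition("@")
        domain = domain.lower()
        paths[email] = f"{docroot}/.well-known/openpgpkey/{domain}/hu/{wkd_hash(local_part)}"
    return paths


if __name__ == "__main__":
    # Constructed sample addresses, two customer domains on one hoster.
    for name, url in wkd_urls("Joe.Doe@Example.ORG", subdomain="pubkeys").items():
        print(f"{name:9} {url}")
    for email, path in publish_paths("/srv/wkd", ["Joe.Doe@Example.ORG",
                                                  "alice@example.com"]).items():
        print(f"{email:22} -> {path}")
```

Whichever host answers for `pubkeys.example.org` still needs a certificate valid for that name (one per customer domain, selected by SNI, as the quoted reply notes), but because the domain is part of the path the key files themselves can all sit under one document root. Note that the hash only lowercases ASCII letters; the `l=` parameter carries the local part as the client was given it.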



