AW: WKD for separate email hosting? (Is: Web Key Service server lookup)
Juergen.Schaepker at giepa.de
Wed Nov 2 13:12:30 CET 2016
>the whole benefit of using a standard second domain name like
>pubkeys.example.org would be that that can be hosted on a second
>domain. And for email-only hosters that the server behind this second domian
>can serve many second domains, e.g.
The big benefit is a much easier setup or in some cases the only way setting up WKD at all.
>As example.org owner I would need to get "*.example.org" and transfer the
>private keys of the cert to my email hoster. And the owner of example.com
>needs to be do the same. Then a technique as SNI has to be applied to
>the one IP address for the server to serve both certs and the DNS entries
>have to be made.
Your use case seems to be only/primarily Mail Service Providers.
My concern is for small/medium business entities who don't use an MSP but just their own email server, possibly forwarded and gatewayed through whatever. They should be able to simply use a subdomain if they want to.
Or is the standard by itself only intended for private use?
>This looks more complicated on the onside than to let the https server on
>https://example.org proxy to my mailprovider's server over TLS and deliver
Many small/medium businesses who use cheap webhosting services have no control over redirection on the server that hosts their example.com. Mail is often routed to a completely different system. The use case here is that they should be able to set up a WKD server easily.
More information about the Gnupg-devel