AW: WKD for separate email hosting? (Is: Web Key Service server lookup)

Jürgen Schäpker Juergen.Schaepker at
Wed Nov 2 13:12:30 CET 2016


>the whole benefit of using a standard second domain name like 
> would be that that can be hosted on a second 
>domain. And for email-only hosters that the server behind this second domain 
>can serve many second domains, e.g.

The big benefit is a much easier setup or, in some cases, the only way of setting up WKD at all.

>As owner I would need to get "*" and transfer the
>private keys of the cert to my email hoster. And the owner of
>needs to do the same. Then a technique as SNI has to be applied to
>the one IP address for the server to serve both certs and the DNS entries
>have to be made.

Your use case seems to be only/primarily Mail Service Providers. 

My concern is for small/medium business entities who don't use an MSP but just their own email server, possibly forwarded and gatewayed through whatever. They should be able to simply use a subdomain if they want to.

Or is the standard by itself only intended for private use?

>This looks more complicated on the onside  than to let the https server on 
> proxy to my mailprovider's server over TLS and deliver 
>the result.

Many small/medium businesses who use cheap webhosting services have no control over redirection on the server that hosts their Mail is often routed to a completely different system. The use case here is that they should be able to set up a WKD server easily.

Best regards,

