WKD for separate email hosting? (Is: Web Key Service server lookup)

Kristian Fiskerstrand kristian.fiskerstrand at sumptuouscapital.com
Wed Nov 2 13:29:42 CET 2016


On 11/02/2016 10:31 AM, Bernhard Reiter wrote:
>>> However the problem is that we'd need a TLS certificate for the subdomain.
>>> That is even harder than getting a TLS cert for the example.org domain,
>>> so it does not seem to be a good solution.
>>
>> I would think this is usually solved by wildcard certificates.
> the whole benefit of using a standard second domain name like 
> pubkeys.example.org would be that that can be hosted on a second 
> domain.

I'm not sure if it is worth it still, just as a banal start of
discussion; having a subdomain being used could open up different attack
vectors if a user can control this (pubkeys.github.org user?). And
serving it on a separate server is trivial to do using a reverse proxy
request on the load balancer anyways.

-- 
----------------------------
Kristian Fiskerstrand
Blog: https://blog.sumptuouscapital.com
Twitter: @krifisk
----------------------------
Public OpenPGP keyblock at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
----------------------------
"History repeats itself; historians repeat each other"
(Philip Guedalla)



More information about the Gnupg-devel mailing list