WKD for GitHub pages
Ingo Klöcker
kloecker at kde.org
Sat Jan 9 19:23:24 CET 2021
On Samstag, 9. Januar 2021 15:43:14 CET Stefan Claas via Gnupg-users wrote:
> On Sat, Jan 9, 2021 at 2:37 PM Stefan Claas
> <spam.trap.mailing.lists at gmail.com> wrote:
> > Hi Neal,
> >
> > thanks for the reply, much appreciated! Simply said, for the average
> > user like me, I believe GitHub is doing it right, because it is a
> > valid option according to their SSL cert data, and Werner simply
> > overlooked this option. I will not experiment any further, because I
> > set-up WKD properly, which works with sequoia-pgp, for example. I have
> > not checked other OpenPGP software.
> >
> > And I strongly believe that Werner can fix this issue, if he is
> > willing to do so.
>
> Example: If I would be the host master of the domain bund.de with it's
> many subdomains and authorities would request that WKD, as an
> inexpensive inhouse option, has to be set-up...
>
> IMHO that would be the same case, if I am not mistaken.
No, it's not.
Even if there's foo.bund.de, then there wouldn't be openpgpkey.foo.bund.de
(unless foo.bund.de sets up the advanced variant of WKD).
The problem with GitHub pages is apparently that openpgpkey.sac001.github.io
resolves to an IP address (well, actually multiple addresses):
$ host openpgpkey.sac001.github.io
openpgpkey.sac001.github.io has address 185.199.109.153
openpgpkey.sac001.github.io has address 185.199.108.153
openpgpkey.sac001.github.io has address 185.199.110.153
openpgpkey.sac001.github.io has address 185.199.111.153
OTOH:
$ host -t A bsi.bund.de
bsi.bund.de has address 77.87.229.76
But:
$ host -t A openpgpkey.bsi.bund.de
openpgpkey.bsi.bund.de has no A record
and therefore WKD would fall back to the direct method for bsi.bund.de.
Regards,
Ingo
More information about the Gnupg-users
mailing list