WKD for GitHub pages
Ángel
angel at pgp.16bits.net
Sat Jan 9 23:39:25 CET 2021
On 2021-01-09 at 14:37 +0100, Stefan Claas via Gnupg-users wrote:
> I believe GitHub is doing it right, because it is a
> valid option according to their SSL cert data, and Werner simply
> overlooked this option.
It is not. A certificate for *.github.io doesn't cover
openpgpkey.sac001.github.io
See rule #2 of https://tools.ietf.org/html/rfc6125#section-6.4.3
It is also quite normal that they don't have certificates for
"subsubdomains". I don't see an option in GitHub pages to configure
further subdomains, and given that github usernames can't contain dots,
it doesn't seem such "subsubdomains" would be used, so GitHub should
probably stop resolving them.
Best regards
More information about the Gnupg-users
mailing list