WKD for GitHub pages

Ángel angel at pgp.16bits.net
Sat Jan 9 23:39:25 CET 2021

On 2021-01-09 at 14:37 +0100, Stefan Claas via Gnupg-users wrote:
> I believe GitHub is doing it right, because it is a
> valid option according to their SSL cert data, and Werner simply
> overlooked this option.

It is not. A certificate for *.github.io doesn't cover
See rule #2 of https://tools.ietf.org/html/rfc6125#section-6.4.3

It is also quite normal that they don't have certificates for
"subsubdomains". I don't see an option in GitHub pages to configure
further subdomains, and given that github usernames can't contain dots,
it doesn't seem such "subsubdomains" would be used, so GitHub should
probably stop resolving them.

Best regards

More information about the Gnupg-users mailing list