WKD for GitHub pages

Stefan Claas spam.trap.mailing.lists at gmail.com
Sat Jan 9 23:49:35 CET 2021

On Sat, Jan 9, 2021 at 11:42 PM Ángel <angel at pgp.16bits.net> wrote:
> On 2021-01-09 at 14:37 +0100, Stefan Claas via Gnupg-users wrote:
> > I believe GitHub is doing it right, because it is a
> > valid option according to their SSL cert data, and Werner simply
> > overlooked this option.
> It is not. A certificate for *.github.io doesn't cover
> openpgpkey.sac001.github.io
> See rule #2 of https://tools.ietf.org/html/rfc6125#section-6.4.3

I was refering to wildcard subdomains, like my sac001.github.io subdomain,
which is covered by GitHub's SSL cert.
> It is also quite normal that they don't have certificates for
> "subsubdomains". I don't see an option in GitHub pages to configure
> further subdomains, and given that github usernames can't contain dots,
> it doesn't seem such "subsubdomains" would be used, so GitHub should
> probably stop resolving them.

Yes, the openpgpkeys. part which Ingo showed with my domain and the IP

Like I said in my previous reply to Ingo, It would be nice if GitHub staff would
see this thread and talk with Werner.


More information about the Gnupg-users mailing list