WKD for GitHub pages

Remco Rijnders remco at webconquest.com
Tue Jan 12 22:36:13 CET 2021

On Tue, Jan 12, 2021 at 10:17:13PM +0100, Stefan wrote in 
<CAC6FiZ4okkkjsZWG5N7MmnZL=twait-geP8VBJA8ai49vza1+g at mail.gmail.com>:
>> How can GPG solve bugs that are not in the GPG code or infrastructure? I
>> think André did a great job explaining what the issues are. How do you
>> think they can be addressed by GPG?
>If you followed the whole thread you may agree that GnuPG and gpg4win,
>due to the way WKD is implemented, do not allow wildcard (sub)domains
>when fetching a pub key from, for example, github.io pages, because it gives
>a cert error for a *valid* SSL cert, while other OpenPGP software,
>like sequoia-pgp, can handle this.
>I suggest that you or any other person ask Werner, the author
>of GnuPG and IIRC the wkd-draft author, this question, or you ask the sequoia
>team how they implemented WKD, because sq.exe does its job.

Firefox gives an error on the URL https://openpgpkey.sac001.github.io/ :

Websites prove their identity via certificates. Firefox does not trust this site
because it uses a certificate that is not valid for openpgpkey.sac001.github.io.
The certificate is only valid for the following names: www.github.com,
*.github.com, github.com, *.github.io, github.io, *.githubusercontent.com,

I don't see the valid SSL certificate you keep on insisting is there.
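
The check behind the Firefox error above, as an added example that is not part of the original message and is not code from GnuPG, Sequoia or Firefox: a wildcard certificate name stands for exactly one DNS label (RFC 6125, section 6.4.3), so `*.github.io` covers `sac001.github.io` but not `openpgpkey.sac001.github.io`. The function names are hypothetical, and the name list is copied from the quoted error, which is cut off and may be incomplete.

```python
# Added example: single-label wildcard matching as in RFC 6125, section 6.4.3.
# SAN_NAMES is copied from the Firefox error quoted in the message; the list is
# truncated there, so treat it as possibly incomplete.
SAN_NAMES = [
    "www.github.com", "*.github.com", "github.com",
    "*.github.io", "github.io", "*.githubusercontent.com",
]


def san_matches(pattern: str, hostname: str) -> bool:
    """Return True if one certificate dNSName entry covers hostname."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = hostname.lower().rstrip(".").split(".")
    # A wildcard stands for exactly one label, so the label counts must agree.
    if len(p_labels) != len(h_labels):
        return False
    if p_labels[0] == "*":
        # Only the complete left-most label may be a wildcard, and it has to
        # match a non-empty label; the remaining labels must be identical.
        return bool(h_labels[0]) and p_labels[1:] == h_labels[1:]
    return p_labels == h_labels


def covering_names(hostname: str, san_names=SAN_NAMES) -> list:
    """List the certificate names that cover hostname (empty means mismatch)."""
    return [name for name in san_names if san_matches(name, hostname)]


def wkd_hosts(domain: str) -> dict:
    """Hosts a WKD client contacts for a mail domain, per the WKD draft."""
    return {"advanced": "openpgpkey." + domain, "direct": domain}


if __name__ == "__main__":
    for method, host in wkd_hosts("sac001.github.io").items():
        names = covering_names(host)
        print(f"{method:8} {host:30} covered by: {names or 'nothing'}")
```
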
