WKD for GitHub pages

Stefan Claas spam.trap.mailing.lists at gmail.com
Tue Jan 12 23:33:34 CET 2021


On Tue, Jan 12, 2021 at 11:32 PM Remco Rijnders <remco at webconquest.com> wrote:
>
> On Tue, Jan 12, 2021 at 10:17:13PM +0100, Stefan wrote in
> <CAC6FiZ4okkkjsZWG5N7MmnZL=twait-geP8VBJA8ai49vza1+g at mail.gmail.com>:
> >> How can GPG solve bugs that are not in the GPG code or infrastructure? I
> >> think André did a great job explaining what the issues are. How do you
> >> think they can be addressed by GPG?
> >
> >If you followed the whole thread you may agree that GnuPG and gpg4win,
> >due to the way of how WKD is implemented does not allow wildcard (sub)domains,
> >when fetching a pub key from, for example, github.io pages, because it gives
> >a cert error for a *valid* SSL cert, while other OpenPGP software,
> >like sequoia-pgp,
> >can handle this.
> >
> >I suggest that you or any other persons ask this question Werner, the author
> >of GnuPG and IIRC the wkd-draft author or you ask the sequoia
> >team how they implemented WKD, because sq.exe does it's job.
>
> Firefox gives an error on the URL https://openpgpkey.sac001.github.io/ :
>
> Websites prove their identity via certificates. Firefox does not trust this site
> because it uses a certificate that is not valid for openpgpkey.sac001.github.io.
> The certificate is only valid for the following names: www.github.com,
> *.github.com, github.com, *.github.io, github.io, *.githubusercontent.com,
> githubusercontent.com
>
> I don't see the valid SSL certificate you keep on insisting is there.

Hi, I suggest that you visit my https://sac001.github.io page and see what
it is all about. (BTW. I am also not affilated in any form with Brave ...)

Regards
Stefan



More information about the Gnupg-users mailing list