WKD for GitHub pages

André Colomb andre at colomb.de
Tue Jan 12 23:57:54 CET 2021

On 12/01/2021 23.47, Stefan Claas wrote:
> Mmmh ... github.io or GitHub does *not* have issues with wildcard
> domains ...

Here we are back at you denying facts, or maybe just generalizing too
much.  As several others have put it already:

When "browsing" to openpgpkey.sac001.github.io with whatever reasonable
HTTPS client, you are directed to an IP address.  The web server at that
IP address presents a certificate for (among others) *.github.io.  This
certificate is *invalid* for the originally entered domain name.  No
matter how many times you deny it.

For sac001.github.io, the certificate is *valid*.  Nobody ever
questioned that.  But it doesn't mean the above is untrue.

Stay safe.

From: André Colomb <andre at colomb.de>

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: OpenPGP digital signature
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20210112/0846f012/attachment.sig>

More information about the Gnupg-users mailing list