WKD for GitHub pages
Stefan Claas
spam.trap.mailing.lists at gmail.com
Wed Jan 13 00:40:48 CET 2021
On Wed, Jan 13, 2021 at 12:00 AM André Colomb <andre at colomb.de> wrote:
>
> On 12/01/2021 23.47, Stefan Claas wrote:
> > Mmmh ... github.io or GitHub does *not* have issues with wildcard
> > domains ...
>
> Here we are back at you denying facts, or maybe just generalizing too
> much. As several others have put it already:
>
> When "browsing" to openpgpkey.sac001.github.io with whatever reasonable
> HTTPS client, you are directed to an IP address. The web server at that
> IP address presents a certificate for (among others) *.github.io. This
> certificate is *invalid* for the originally entered domain name. No
> matter how many times you deny it.
>
> For sac001.github.io, the certificate is *valid*. Nobody ever
> questioned that. But it doesn't mean the above is untrue.
>
> Stay safe.
> André
Why in the name of (whoever) does one need to browse a URL, with an openpgp
part, If my browser does not allow me (AFAIK) to see it's content in
that openpgp
folder, or why do I/we need that for fetching securely a pub.key, if
the direct method
works (with sequoia-pgp) and Wiktor's WKD checker gives a green light for direct
and IIRC you initally said direct for fetching is fine?
Ok, I must say good night know, because I must get up early today.
Stay safe too!
Regards
Stefan
More information about the Gnupg-users
mailing list