WKD for GitHub pages

Daniele Nicolodi daniele at grinta.net
Wed Jan 13 09:24:17 CET 2021


On 12/01/2021 22:17, Stefan Claas wrote:
> On Tue, Jan 12, 2021 at 10:09 PM Daniele Nicolodi <daniele at grinta.net> wrote:
>>
>> On 12/01/2021 20:40, Stefan Claas via Gnupg-users wrote:
>>> On Tue, Jan 12, 2021 at 8:17 PM André Colomb <andre at colomb.de> wrote:
>>>>
>>>> Hi Stefan,
>>>
>>>> So there are two "bugs" involved here.  1. GitHub presenting an invalid
>>>> certificate for the sub-subdomain and 2. Sequoia not noticing that.
>>>> Neither of these are bugs in GnuPG.  If you can accept these facts, then
>>>> it makes sense to further discuss what could be changed where to make
>>>> your desired setup work.  Maybe that discussion will lead to a concise
>>>> change proposal.
>>>
>>> Hi Andre, currently I can only accept the fact that these two "bugs" are
>>> currently not resolved in GnuPG and gpg4win, if you allow me to
>>> formulate it this way.
>>
>> How can GPG solve bugs that are not in the GPG code or infrastructure? I
>> think André did a great job explaining what the issues are. How do you
>> think they can be addressed by GPG?
> 
> If you followed the whole thread you may agree that GnuPG and gpg4win,
> due to the way WKD is implemented, do not allow wildcard (sub)domains
> when fetching a pub key from, for example, github.io pages, because it gives
> a cert error for a *valid* SSL cert, while other OpenPGP software, like
> sequoia-pgp, can handle this.

It has been explained (several times now) that this is not the case:
the certificates are invalid for sub-subdomains. Why are you insisting
that they are?

Cheers,
Dan
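
Added illustration, not part of the original message or of GnuPG's code: a sketch of RFC 6125-style wildcard matching, showing why a certificate for *.github.io covers a user's Pages host but not the openpgpkey sub-subdomain that the WKD advanced method queries. The mail address and the certificate name list are constructed for the example.

```python
# Added example. The mail address and SAN list are constructed sample values.

def wildcard_matches(pattern: str, hostname: str) -> bool:
    """Match a certificate name against a hostname.

    A '*' is accepted only as the complete left-most label and stands
    for exactly one label, so it never reaches into a sub-subdomain.
    """
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = hostname.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        return False  # label counts differ: wildcard cannot span two labels
    if p_labels[0] == "*":
        return bool(h_labels[0]) and p_labels[1:] == h_labels[1:]
    if "*" in pattern:
        return False  # simplification: partial or inner wildcards rejected
    return p_labels == h_labels


def wkd_hosts(address: str) -> dict:
    """Hostnames a WKD client contacts for the advanced and direct methods."""
    domain = address.rsplit("@", 1)[1].lower()
    return {"advanced": "openpgpkey." + domain, "direct": domain}


def covered(cert_names, hostname: str) -> bool:
    """True if any name in the certificate matches the hostname."""
    return any(wildcard_matches(name, hostname) for name in cert_names)


def check(address: str, cert_names) -> dict:
    """Map each WKD method to whether the certificate is valid for its host."""
    return {m: covered(cert_names, h) for m, h in wkd_hosts(address).items()}


if __name__ == "__main__":
    SAMPLE_CERT_NAMES = ["*.github.io", "github.io"]  # constructed
    for method, ok in check("alice@user.github.io", SAMPLE_CERT_NAMES).items():
        print(method, "certificate valid" if ok else "certificate name mismatch")
```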
