WKD proper behavior on fetch error
angel at pgp.16bits.net
Fri Jan 15 19:37:55 CET 2021
On 2021-01-15 at 07:56 +0100, Stefan Claas via Gnupg-users wrote:
> Don't you think when GitHub, a major player, would have an invalid
> SSL cert, that maybe one of the millions programmers there would not
> have contacted GitHub, like I did, and say hey GithHub you serve
> the global community and visitors an invalid SSL certificate? I must
> admit that I also do not understand what you mean with sus-sub
> domains. My GitHub page is sac001.github.io and not foo.bar.github.io
> or whatever.
By sub-sub-domains we are all talking about pages such as
https://openpgpkey.sac001.github.io or https://helloworld.sac001.github.io
Go there, click those links. You will see that -*after forcing your browser
to ignore the invalid certificate*- there is a web page there returning
a message of "Site not found", "404 There isn't a GitHub Pages site
*I* don't know why they have such domains resolving. It may have been
simpler to configure the dns server that way, or perhaps they just
missed it. The funny think is, I don't think there's a way to create a
page in helloworld.sac001.github.io or openpgpkey.sac001.github.io, so
these sites are mostly useless (if not directly problematic such as in
WKD case), and I guess that's why noone really bothered about the
invalid certificate for them (which isn't easy to solve, either).
I don't know what process you used to contact GitHub support, but the
question to ask would be precisely this:
> Why is there something on https://openpgpkey.sac001.github.io ? How
> can I modify it? If there is not, could you make it not to resolve?
The reasons why it is picked has been, I think, explained already many
times in this thread.
More information about the Gnupg-users