WKD proper behavior on fetch error

Stefan Claas spam.trap.mailing.lists at gmail.com
Sat Jan 16 02:32:41 CET 2021

On Sat, Jan 16, 2021 at 2:25 AM Ángel <angel at pgp.16bits.net> wrote:
> On 2021-01-15 at 20:34 +0100, Stefan Claas via Gnupg-users wrote:
> > If you or someone else set's up a web server, for a big organisation
> > or for yourself, you simple put in the .well-known folder some
> > content which would look most likely then like this:
> >
> > http://domain.tld/.well-known/etc... or maybe
> > https://sub.domain.tld/.well-known/etc...
> Right. For instance, you would use either
>  https://300baud.de/.well-known/...
>  https://openpgpkey.300baud.de/.well-known/...
> > If someone writes now a program which needs to access content in the
> > well-known folder, why does a software author needs to implement two
> > methods to access the well-known folder? This part for example I do
> > not understand, because if one method is not good or secure enough I
> > would simply drop one method an implement only the more secure and
> > more reliable one, or not?
> Because the specification says that it can be in those two places.

Do I understand you correctly that if one uses now a subdomain
like https://keys.300baud.de/.well-known/etc ... this would work
and if so why does it not work with:

I ask because in my set-up which I would use I would do so
and then add in the SSL cert a subdomain wildcard entry
to cover host a and host b and like explained I would
put keys from all in the WKD directory of host keys.

Best regards
and Good Night

More information about the Gnupg-users mailing list