WKD proper behavior on fetch error

Stefan Claas spam.trap.mailing.lists at gmail.com
Sat Jan 16 02:32:41 CET 2021


On Sat, Jan 16, 2021 at 2:25 AM Ángel <angel at pgp.16bits.net> wrote:
>
> On 2021-01-15 at 20:34 +0100, Stefan Claas via Gnupg-users wrote:
> > If you or someone else sets up a web server, for a big organisation
> > or for yourself, you simply put in the .well-known folder some
> > content which would look most likely then like this:
> >
> > http://domain.tld/.well-known/etc... or maybe
> > https://sub.domain.tld/.well-known/etc...
>
>
> Right. For instance, you would use either
>  https://300baud.de/.well-known/...
>  https://openpgpkey.300baud.de/.well-known/...
>
>
> > If someone writes now a program which needs to access content in the
> > well-known folder, why does a software author need to implement two
> > methods to access the well-known folder? This part for example I do
> > not understand, because if one method is not good or secure enough I
> > would simply drop one method and implement only the more secure and
> > more reliable one, or not?
>
> Because the specification says that it can be in those two places.

Do I understand you correctly that if one uses now a subdomain
like https://keys.300baud.de/.well-known/etc ... this would work
and if so why does it not work with:
https://sac001.github.io/.well-known/etc...

I ask because in my set-up which I would use I would do so
and then add in the SSL cert a subdomain wildcard entry
to cover host a and host b and like explained I would
put keys from all in the WKD directory of host keys.

Best regards
and Good Night
Stefan
