CNAME aliases for wkd.keys.openpgp.org and X.509 certificates [was: Re: WKD for GitHub pages]
Vincent Breitmoser
look at my.amazin.horse
Sat Jan 16 03:26:24 CET 2021
Daniel Kahn Gillmor via Gnupg-users <gnupg-users at gnupg.org> wrote:
> On Mon 2021-01-11 22:59:10 +0100, Ángel wrote:
> > The "make a CNAME of your openpgpkeys subdomain to
> > wkd.keys.openpgp.org" couldn't work with https certificate validation,
> > thouth (or are they requesting a certificate on-the-fly?)
>
> In fact, i believe that keys.openpgp.org *is* requesting and retaining a
> certificate on-the-fly if it finds itself addressed by such a CNAME.
Yep. If that wasn't possible, we wouldn't do it.
btw, if anyone is interested: keys.o.o serves wkd for 224 domains right now.
- V
More information about the Gnupg-users
mailing list