CNAME aliases for wkd.keys.openpgp.org and X.509 certificates [was: Re: WKD for GitHub pages]
Juergen Bruckner
juergen at bruckner.email
Sat Jan 16 10:31:03 CET 2021
Hello Group!
Am 16.01.21 um 03:26 schrieb Vincent Breitmoser via Gnupg-users:
>
> Daniel Kahn Gillmor via Gnupg-users <gnupg-users at gnupg.org> wrote:
>> On Mon 2021-01-11 22:59:10 +0100, Ángel wrote:
>>> The "make a CNAME of your openpgpkeys subdomain to
>>> wkd.keys.openpgp.org" couldn't work with https certificate validation,
>>> thouth (or are they requesting a certificate on-the-fly?)
>>
>> In fact, i believe that keys.openpgp.org *is* requesting and retaining a
>> certificate on-the-fly if it finds itself addressed by such a CNAME.
>
> Yep. If that wasn't possible, we wouldn't do it.
>
> btw, if anyone is interested: keys.o.o serves wkd for 224 domains right now.
>
> - V
Now I'm a bit confused :O
I thought WKD can be used with your own webserver. So why do I have to
make a CNAME recort pointing to "wkd.keys.openpgp.org"?
Or did I understand anything wrong?
BTW ... do any of you know a tutorial to set up WKD for 'Dummies'?
best regards
Juergen
--
/¯\ No |
\ / HTML | Juergen Bruckner
X in | juergen at bruckner.email
/ \ Mail |
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3894 bytes
Desc: S/MIME Cryptographic Signature
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20210116/2fffe4af/attachment-0001.bin>
More information about the Gnupg-users
mailing list