CNAME aliases for wkd.keys.openpgp.org and X.509 certificates [was: Re: WKD for GitHub pages]

Vincent Breitmoser look at my.amazin.horse
Sat Jan 16 14:19:39 CET 2021


> Now I'm a bit confused :O
> I thought WKD can be used with your own webserver. So why do I have to 
> make a CNAME record pointing to "wkd.keys.openpgp.org"?
> 
> Or did I understand anything wrong?

Sorry, that was confusing without context. Yes, WKD is bound to the domain of
the email address, and as such it will typically be hosted together with the
email server itself, or at least by the same entity.

Using the advanced WKD method, it's possible to "outsource" hosting using
a CNAME, and keys.o.o will do the rest:

https://keys.openpgp.org/about/usage#wkd-as-a-service

But this is only a shortcut for convenience. WKD works best when it is run
decentralized by the email hosters themselves.

 - V
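
The lookup a client performs under the advanced method, as an added example that is not part of the original message or of keys.openpgp.org's code. It shows why the CNAME goes on the `openpgpkey.` subdomain and why the URL path still carries the mail domain. The function names are hypothetical and the sample address is the one used in the WKD draft.

```python
import hashlib
from urllib.parse import quote

ZBASE32 = "ybndrfg8ejkmcpqxot1uwisza345h769"
WKD_SERVICE = "wkd.keys.openpgp.org"  # CNAME target named in the message above


def zbase32(data: bytes) -> str:
    """z-base-32 encode; input must be a multiple of 5 bits (SHA-1 is 160)."""
    bits = len(data) * 8
    if bits % 5:
        raise ValueError("length not a multiple of 5 bits")
    n = int.from_bytes(data, "big")
    return "".join(ZBASE32[(n >> s) & 31] for s in range(bits - 5, -1, -5))


def wkd_hash(local_part: str) -> str:
    # WKD maps upper-case ASCII to lower case, leaves other characters alone,
    # then takes SHA-1 of the result.
    lowered = "".join(c.lower() if c.isascii() else c for c in local_part)
    return zbase32(hashlib.sha1(lowered.encode("utf-8")).digest())


def wkd_lookup(address: str) -> dict:
    """Return the advanced and direct URLs plus the CNAME needed to outsource."""
    local, sep, domain = address.rpartition("@")
    if not sep or not local or not domain:
        raise ValueError("not an email address")
    domain = domain.lower()
    tail = f"hu/{wkd_hash(local)}?l={quote(local, safe='')}"
    host = "openpgpkey." + domain
    return {
        # Tried first: the mail domain is repeated in the path, so a host
        # serving many domains behind CNAMEs can tell them apart.
        "advanced": f"https://{host}/.well-known/openpgpkey/{domain}/{tail}",
        # Fallback: served from the mail domain itself, nothing to outsource.
        "direct": f"https://{domain}/.well-known/openpgpkey/{tail}",
        # The only DNS change the domain owner makes to use the service.
        "cname": f"{host}. CNAME {WKD_SERVICE}.",
    }


if __name__ == "__main__":
    for name, value in wkd_lookup("Joe.Doe@Example.ORG").items():
        print(f"{name:9}{value}")
```

Because the request is made over HTTPS to `openpgpkey.<domain>`, whoever answers behind the CNAME has to present a certificate valid for that name.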


