WKD proper behavior on fetch error
Ángel
angel at pgp.16bits.net
Sat Jan 16 23:06:27 CET 2021
On 2021-01-16 at 02:32 +0100, Stefan Claas via Gnupg-users wrote:
> Do I understand you correctly that if one uses now a subdomain
> like https://keys.300baud.de/.well-known/etc ... this would work
No. keys.300baud.de would work only for email at keys.300baud.de.
However, for email at 300baud.de, you can use openpgpkey.300baud.de.
> and if so why does it not work with:
> https://sac001.github.io/.well-known/etc...
Because there is a https://openpgpkey.300baud.de which has higher priority
(and a certificate error, etc, etc)
> I ask because in my set-up which I would use I would do so
> and then add in the SSL cert a subdomain wildcard entry
> to cover host a and host b and like explained I would
> put keys from all in the WKD directory of host keys.
You don't need a wildcard entry. You could simply request a certificate
with the right name that will be needed.
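
The host names discussed in this thread, worked through as an added example that is not part of the original post: it derives the two WKD lookup URLs for an address (advanced method first, then direct) following the URL layout in the WKD draft (draft-koch-openpgp-webkey-service), and shows which host name the TLS certificate must cover in each case. The local part "email" is a placeholder and the function names are hypothetical.

```python
import hashlib
from urllib.parse import quote

# z-base-32 alphabet used by WKD for the hashed local part
ZBASE32 = "ybndrfg8ejkmcpqxot1uwisza345h769"

def wkd_hash(local_part: str) -> str:
    """z-base-32 of SHA-1 over the lowercased local part (32 characters)."""
    digest = hashlib.sha1(local_part.lower().encode("utf-8")).digest()
    n = int.from_bytes(digest, "big")
    # 160 bits split into 32 groups of 5 bits, most significant group first
    return "".join(ZBASE32[(n >> shift) & 31] for shift in range(155, -1, -5))

def wkd_candidates(address: str):
    """Return (method, tls_host, url) tuples, highest priority first."""
    local, sep, domain = address.rpartition("@")
    if not sep or not local or not domain:
        raise ValueError(f"not an email address: {address!r}")
    domain = domain.lower()
    h = wkd_hash(local)
    l = quote(local, safe="")  # ?l= carries the local part as written
    return [
        # Advanced method: served from the openpgpkey subdomain of the mail
        # domain, so that exact name must be in the certificate.
        ("advanced", f"openpgpkey.{domain}",
         f"https://openpgpkey.{domain}/.well-known/openpgpkey/{domain}/hu/{h}?l={l}"),
        # Direct method: served from the mail domain itself.
        ("direct", domain,
         f"https://{domain}/.well-known/openpgpkey/hu/{h}?l={l}"),
    ]

if __name__ == "__main__":
    # Constructed addresses using the domains named in the thread.
    for addr in ("email@300baud.de", "email@keys.300baud.de"):
        for method, host, url in wkd_candidates(addr):
            print(f"{addr}  {method:8}  certificate name: {host}")
            print(f"    {url}")
```

Neither candidate for email@300baud.de points at keys.300baud.de, which is why a key published there is only found for addresses at keys.300baud.de.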