WKD proper behavior on fetch error

Ángel angel at pgp.16bits.net
Sat Jan 16 23:06:27 CET 2021

On 2021-01-16 at 02:32 +0100, Stefan Claas via Gnupg-users wrote:
> Do I understand you correctly that if one uses now a subdomain
> like https://keys.300baud.de/.well-known/etc ... this would work

No. keys.300baud.de would work only for email at keys.300baud.de

However, for email at 300baud.de, you can use openpgpkey.300baud.de

> and if so why does it not work with:
> https://sac001.github.io/.well-known/etc...

Because there is a https://openpgpkey.300baud.de which has higher priority
(and a certificate error, etc, etc)

> I ask because in my set-up which I would use I would do so
> and then add in the SSL cert a subdomain wildcard entry
> to cover host a and host b and like explained I would
> put keys from all in the WKD directory of host keys.

You don't need a wildcard entry. You could simply request a certificate
with the right name that will be needed. 
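
The lookup order discussed in this message, as an added example (not part of the original post and not GnuPG's code): it builds the advanced and direct WKD URLs for an address, following the URL layout of the WKD draft (draft-koch-openpgp-webkey-service), and shows which hostname the certificate has to name. The function names are hypothetical.

```python
import base64
import hashlib
from urllib.parse import quote

# z-base-32 alphabet used by WKD, mapped from the RFC 4648 base32 alphabet.
_ZB32 = bytes.maketrans(b"ABCDEFGHIJKLMNOPQRSTUVWXYZ234567",
                        b"ybndrfg8ejkmcpqxot1uwisza345h769")


def _ascii_lower(s):
    # WKD lowercases ASCII characters only; other characters are untouched.
    return "".join(c.lower() if c.isascii() else c for c in s)


def wkd_hash(local_part):
    """SHA-1 of the lowercased local-part, z-base-32 encoded (32 chars)."""
    digest = hashlib.sha1(_ascii_lower(local_part).encode("utf-8")).digest()
    # 160 bits is a multiple of 5, so base32 emits no padding here.
    return base64.b32encode(digest).translate(_ZB32).decode("ascii")


def wkd_urls(email):
    """Return [(method, tls_host, url)] in lookup order: advanced, direct."""
    local, sep, domain = email.rpartition("@")
    if not sep or not local or not domain:
        raise ValueError("not an addr-spec: %r" % email)
    domain = _ascii_lower(domain)
    tail = "hu/%s?l=%s" % (wkd_hash(local), quote(local, safe=""))
    adv_host = "openpgpkey." + domain
    return [
        ("advanced", adv_host,
         "https://%s/.well-known/openpgpkey/%s/%s" % (adv_host, domain, tail)),
        ("direct", domain,
         "https://%s/.well-known/openpgpkey/%s" % (domain, tail)),
    ]


def select_url(email, openpgpkey_host_exists):
    """Draft rule: the direct method is used only when the openpgpkey
    subdomain does not exist. If it exists but the fetch fails (for
    example on a certificate error), there is no fallback to direct."""
    advanced, direct = wkd_urls(email)
    return advanced if openpgpkey_host_exists else direct


if __name__ == "__main__":
    for addr in ("email@300baud.de", "email@keys.300baud.de"):
        for method, host, url in wkd_urls(addr):
            print("%-8s cert name: %-28s %s" % (method, host, url))
```

The tls_host column is the exact name the certificate must cover for that method, which is why a wildcard entry is not required.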
