WKD proper behavior on fetch error

Ángel angel at pgp.16bits.net
Sat Jan 16 23:22:29 CET 2021

On 2021-01-16 at 02:20 +0100, Stefan Claas wrote:
> On Sat, Jan 16, 2021 at 1:45 AM raf wrote:
> > But there is no certificate that covers that sub-sub-domain.
> > That's why browsers complain if you go to
> > https://openpgpkey.sac001.github.io/.
> A quick question, if you don't mind. Why do people here on this ML
> insist on a sub-sub domain, named openpgpkey? Have you
> ever maintained a web server? I am not using the html protocol
> that much, but for me the openpgpkey part in, the for me fictitious,
> URL, causes this error, because GnuPG or gpg4win is looking for this.

Because that's what the specification says.

It's like you wanted to visit "google.com" and your browser said:
"Ok, I will see if www.google.com exists and if so, show you 
https://www.google.com (not https://google.com), but if there is no
www. subdomain I will try showing https://google.com directly"†

sequoia also goes to the openpgpkey.domain.tld url first. The
difference with gnupg is in their treatment of errors.

† NB: this is a fictitious example. While browsers do have some
heuristics if the provided domain fails, like prepending a "www." or
making a web search, I know of no browser doing that *before*. Using a
www. for web addresses is just a convention. Although we could have
ended in this situation if things had developed slightly differently.
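
The lookup order discussed in this message, as an added example that is not part of the original post or of GnuPG/Sequoia code: it builds the two WKD URLs a client derives from an e-mail address, the openpgpkey subdomain ("advanced") one first and the bare-domain ("direct") one second. The URL layout and z-base-32 hashing follow the WKD Internet-Draft as I understand it; the function names and the sample address are assumptions made for the example.

```python
import hashlib
import string
from urllib.parse import quote

# z-base-32 alphabet used by WKD for the hashed local part.
ZBASE32 = "ybndrfg8ejkmcpqxot1uwisza345h769"
# WKD lowercases ASCII letters only; other characters are left untouched.
ASCII_LOWER = str.maketrans(string.ascii_uppercase, string.ascii_lowercase)


def zbase32(data: bytes) -> str:
    """Encode bytes whose length is a multiple of 5 (SHA-1 is 20 bytes)."""
    if len(data) % 5:
        raise ValueError("length must be a multiple of 5 bytes")
    bits = int.from_bytes(data, "big")
    count = len(data) * 8 // 5
    # Take 5-bit groups starting from the most significant end.
    return "".join(ZBASE32[(bits >> (5 * (count - 1 - i))) & 31]
                   for i in range(count))


def wkd_urls(address: str) -> list:
    """Return [advanced_url, direct_url] in the order a client tries them."""
    local, sep, domain = address.rpartition("@")
    if not sep or not local or not domain:
        raise ValueError("not a user@domain address: %r" % address)
    domain = domain.translate(ASCII_LOWER)
    digest = hashlib.sha1(local.translate(ASCII_LOWER).encode("utf-8")).digest()
    hashed = zbase32(digest)
    query = "?l=" + quote(local, safe="")  # original local part, percent-encoded
    advanced = ("https://openpgpkey.%s/.well-known/openpgpkey/%s/hu/%s%s"
                % (domain, domain, hashed, query))
    direct = "https://%s/.well-known/openpgpkey/hu/%s%s" % (domain, hashed, query)
    # What a client does when the first URL fails (DNS, TLS, HTTP error) is
    # the point on which the message says implementations differ.
    return [advanced, direct]


if __name__ == "__main__":
    # Constructed sample address, not taken from the thread.
    for url in wkd_urls("Joe.Doe@Example.ORG"):
        print(url)
```

The certificate served for the first URL has to cover `openpgpkey.<domain>`, which is why the sub-sub-domain under github.io quoted above fails TLS validation.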
