[mailop] OpenPGP WKD URL

Klaus Ethgen Klaus+mailop at Ethgen.de
Mon Feb 3 12:44:07 CET 2025


Hi Slavko,

I'll try to share the little knowledge I have.

On Sun, 2 Feb 2025 at 12:35, Slavko via mailop wrote:
>     https://openpgpkey.example.com/.well-known/openpgpkey/example.com/hu/...
[...]
>     https://openpgpkey.example.com/.well-known/openpgpkey/hu/...

First of all, I did it the easiest way in DNS:
openpgpkey  IN  CNAME   wkd.keys.openpgp.org.

That way, I don't have to worry about it. However.

My knowledge is the latter one. But it might be that you could implement
both solutions. Otherwise, it would not work reliably with the DNS CNAME
solution. So I think the wiki seems to be wrong in that case.

> Around the web I found another form, with subdomain, but without domain
> in path:

And yes, the subdomain is important.

Besides that, I implemented the DNS key lookup this way:
4iwmtum663r8xnewtn7ugkdixws1d1n8._pka   IN      CERT    IPGP 0 0 FIXUykKVLJSbF1Nis3nQsG9OIK8caHR0cDovL3d3dy5ldGhnZW4uY2gvfmtsYXVzLzc5RDBCMDZGNEUyMEFGMUMudHh0

However, that only makes sense with DNSSEC.

Maybe Werner is reading this and can answer the questions. I'll xpost
to gnupg-users ML.

Regards
   Klaus
-- 
Klaus Ethgen                                       http://www.ethgen.ch/
pub  4096R/4E20AF1C 2011-05-16            Klaus Ethgen <Klaus at Ethgen.ch>
Fingerprint: 85D4 CA42 952C 949B 1753  62B3 79D0 B06F 4E20 AF1C
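
For checking which paths a web server has to answer, the following added example (not part of the original message, and not GnuPG's code) builds the two lookup URLs defined in the Web Key Directory draft (draft-koch-openpgp-webkey-service): the "advanced" form on the `openpgpkey` subdomain with the domain in the path, and the "direct" form on the bare domain. The function names and the address `alice@example.com` are constructed for illustration.

```python
import hashlib
from urllib.parse import quote

# z-base-32 alphabet used by WKD for the "hu" (hashed user id) path component.
ZBASE32 = "ybndrfg8ejkmcpqxot1uwisza345h769"


def zbase32(data: bytes) -> str:
    """Encode bytes as z-base-32, most significant 5-bit group first."""
    bits = len(data) * 8
    if bits % 5:
        raise ValueError("this helper only handles inputs that are a multiple of 5 bits")
    n = int.from_bytes(data, "big")
    return "".join(ZBASE32[(n >> shift) & 31] for shift in range(bits - 5, -1, -5))


def wkd_hash(local_part: str) -> str:
    """SHA-1 of the local part with ASCII A-Z lowercased, z-base-32 encoded (32 chars)."""
    lowered = "".join(chr(ord(c) + 32) if "A" <= c <= "Z" else c for c in local_part)
    return zbase32(hashlib.sha1(lowered.encode("utf-8")).digest())


def wkd_urls(address: str) -> dict:
    """Return the advanced and direct WKD URLs for one mail address."""
    local, sep, domain = address.rpartition("@")
    if not sep or not local or not domain:
        raise ValueError("not a mail address: %r" % address)
    domain = domain.lower()
    hu = wkd_hash(local)
    # The l= parameter carries the unmodified, percent-encoded local part.
    query = "?l=" + quote(local, safe="")
    return {
        # Advanced: openpgpkey subdomain, domain repeated in the path.
        "advanced": "https://openpgpkey.%s/.well-known/openpgpkey/%s/hu/%s%s"
        % (domain, domain, hu, query),
        # Direct: bare domain, no domain component in the path.
        "direct": "https://%s/.well-known/openpgpkey/hu/%s%s" % (domain, hu, query),
    }


if __name__ == "__main__":
    # Constructed sample address; compare the output with what the server serves.
    for method, url in wkd_urls("alice@example.com").items():
        print(method, url)
```
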