[mailop] OpenPGP WKD URL
Vincent Breitmoser
look at my.amazin.horse
Tue Feb 11 14:41:27 CET 2025
Hey list,
On 11.02.25 13:28, Werner Koch via Gnupg-users wrote:
> CNAME will only work if the final webserver has a certificate for the
> actual domain or the one with the "openpgpkey." prefix. Thus I don't
> understand how Vincent's hack can work without delegating the ownership
> of one's own domain to his server.
That is indeed how it works - you delegate the openpgpkey subdomain to
our gateway server, and we do the rest. Not that much different from
delegating a domain's mail responsibility via an MX record in that
sense, and fortunately the "openpgpkey" subdomain is neatly
compartmentalized for just that purpose :)
It's of course a matter of trust. But for a fair amount of people, it
seems to be a reasonable tradeoff.
Cheers
- V