WKD for GitHub pages
Stefan Claas
spam.trap.mailing.lists at gmail.com
Sat Jan 9 14:37:34 CET 2021
On Sat, Jan 9, 2021 at 11:37 AM Neal H. Walfield <neal at walfield.org> wrote:
> It appears that gpg is trying the advanced lookup method, gets an
> error, and then doesn't fall back to the direct lookup method. This is
> consistent with the I-D:
>
> 3.1. Key Discovery
>
> ...
>
> There are two variants on how to form the request URI: The advanced
> and the direct method. Implementations MUST first try the advanced
> method. Only if the required sub-domain does not exist, they SHOULD
> fall back to the direct method.
>
> https://tools.ietf.org/html/draft-koch-openpgp-webkey-service-07
>
> It appears that github.com's DNS is configured such that all domains
> under github.com resolve to github.com's web server, even
> subsubdomains. For instance,
> https://asdflkjasdfj.asdflkjasdflkj.github.com/ resolves to a 404.
>
> So, it seems that you'll need to create openpgpkey.sac001.github.com.
> Further, you'll have to figure out how to get a valid certificate for
> it. At least Firefox considers github.com's certificate to be valid
> for foo.github.com, but not bar.foo.github.com.
Hi Neal,
thanks for the reply, much appreciated! Simply said, for the average
user like me, I believe GitHub is doing it right, because it is a
valid option according to their SSL cert data, and Werner simply
overlooked this option. I will not experiment any further, because I
set up WKD properly, which works with sequoia-pgp, for example. I have
not checked other OpenPGP software.
And I strongly believe that Werner can fix this issue, if he is
willing to do so.
Best regards
Stefan
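
The lookup rule quoted from the I-D above, as an added example that is not part of the original message or of GnuPG's code: it builds the advanced and direct WKD URLs for an address and applies the "advanced first, direct only if the sub-domain does not exist" rule. The function names, the two stand-in resolvers and the address `someone@sac001.github.com` are constructed for illustration.

```python
import hashlib
from urllib.parse import quote

ZB32 = "ybndrfg8ejkmcpqxot1uwisza345h769"  # z-base-32 alphabet

def wkd_hash(local_part: str) -> str:
    """SHA-1 of the ASCII-lowercased local part, z-base-32 encoded."""
    lowered = "".join(c.lower() if c.isascii() else c for c in local_part)
    digest = hashlib.sha1(lowered.encode("utf-8")).digest()
    n = int.from_bytes(digest, "big")  # 160 bits = 32 groups of 5 bits
    return "".join(ZB32[(n >> shift) & 31] for shift in range(155, -1, -5))

def wkd_urls(email: str) -> dict:
    """Return both request URIs for an address."""
    local, _, domain = email.rpartition("@")
    domain = domain.lower()
    h, l = wkd_hash(local), quote(local, safe="")
    base = ".well-known/openpgpkey"
    return {
        "advanced": f"https://openpgpkey.{domain}/{base}/{domain}/hu/{h}?l={l}",
        "direct": f"https://{domain}/{base}/hu/{h}?l={l}",
    }

def select_method(email: str, subdomain_exists) -> tuple:
    """Advanced first; direct only if the openpgpkey sub-domain does
    not exist. A 404 or certificate error on the advanced URL is not
    a reason to fall back under this rule."""
    urls = wkd_urls(email)
    domain = email.rpartition("@")[2].lower()
    if subdomain_exists(f"openpgpkey.{domain}"):
        return "advanced", urls["advanced"]
    return "direct", urls["direct"]

# Constructed resolvers standing in for DNS (no network access needed).
def wildcard_dns(host: str) -> bool:
    # Models the behaviour described above: every name under github.com resolves.
    return host.endswith(".github.com")

def plain_dns(host: str) -> bool:
    # Models a domain with no openpgpkey sub-domain.
    return host in {"example.org"}

if __name__ == "__main__":
    print(select_method("someone@sac001.github.com", wildcard_dns))
    print(select_method("Joe.Doe@Example.ORG", plain_dns))
```

With the wildcard resolver the client is pinned to the advanced URL, which is why a failure there ends the lookup instead of reaching the direct URL.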