Hi! On Mon, 11 Feb 2019 14:04, ves...@tana.it said:
> I just saw version -07 today.  The advanced method:
>
>    WELLKNOWN := https://openpgpkey.example.org/.well-known/example.org/openpgpkey
>
> doesn't seem to make much sense to me.  I tried it with posteo.de, and got:

The two parts were accidentally swapped in the I-D.  It has been corrected in the repo.  See https://dev.gnupg.org/rD733acdda1a440ca38df4aa22711459af7c25cd2d

> The subdomain is probably a star (*) DNS record.  However, their

Right, they fixed it a few weeks ago, but they might have broken it again.  Actually only posteo.de works at all because they have had an invalid certificate for posteo.net for a few years now (posteo.net is 301-redirected to posteo.de but posteo.net needs to have a cert for posteo.net).

> I'm unable to get the "flexibility in setting up the Web Key Directory
> in environments where more than one mail domain is hosted".  Say I
> host A.example and B.example.  Then I need to set up both subdomains
> openpgpkey.A.example and openpgpkey.B.example.  Internally, they can

You redirect the hosts openpgpkey.example.com and openpgpkey.example.org to, say, webkeys.example.com but keep the path to avoid CSRF.  Then you can install gpg-wks-server on the webkeys.example.com host using its default layout with a directory for each domain.  It is really convenient, because it requires less configuration.

> What if they don't match?  To urlencode the local part might have been
> easier than Z-encoding its SHA1, but what's the point of doing both?

Percent-encoding does not allow storing it as plain text files because '/' does not need to be percent encoded and the entire length of the filename might get too long without using a hash.  The l= parameter has been added as an alternative way for looking up the key for those platforms which already employ databases or such and don't want to store extra data like a hash.

Shalom-Salam,

   Werner

-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users