On Sat, Jan 9, 2021 at 11:37 AM Neal H. Walfield <n...@walfield.org> wrote:
> It appears that gpg is trying the advanced lookup method, gets an
> error, and then doesn't fall back to the direct lookup method. This is
> consistent with the I-D:
>
>   3.1. Key Discovery
>
>   ...
>
>   There are two variants on how to form the request URI: The advanced
>   and the direct method. Implementations MUST first try the advanced
>   method. Only if the required sub-domain does not exist, they SHOULD
>   fall back to the direct method.
>
>   https://tools.ietf.org/html/draft-koch-openpgp-webkey-service-07
>
> It appears that github.com's DNS is configured such that all domains
> under github.com resolve to github.com's web server, even
> subsubdomains. For instance,
> https://asdflkjasdfj.asdflkjasdflkj.github.com/ resolves to a 404.
>
> So, it seems that you'll need to create openpgpkey.sac001.github.com.
> Further, you'll have to figure out how to get a valid certificate for
> it. At least Firefox considers github.com's certificate to be valid
> for foo.github.com, but not bar.foo.github.com.

Hi Neal,

thanks for the reply, much appreciated!

Simply said, for the average user like me, I believe GitHub is doing it
right, because it is a valid option according to their SSL cert data, and
Werner simply overlooked this option.

I will not experiment any further, because I set up WKD properly, which
works with sequoia-pgp, for example. I have not checked other OpenPGP
software.

And I strongly believe that Werner can fix this issue, if he is willing
to do so.

Best regards
Stefan

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
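
The lookup order quoted from the I-D in this thread, as an added example that is not part of either message and is not GnuPG's or Sequoia's code: it builds both request URIs for an address and chooses the method from DNS existence alone, which is why a wildcard zone keeps a strict client on the advanced method. The URI layout and z-base-32 hashing follow the linked draft; `wkd_urls`, `select_method` and the injected resolvers are hypothetical names, and `wildcard_github` is a constructed stand-in for the DNS behaviour Neal describes.

```python
import hashlib
from urllib.parse import quote

ZB32 = "ybndrfg8ejkmcpqxot1uwisza345h769"  # z-base-32 alphabet


def zbase32(data: bytes) -> str:
    """z-base-32 encode, MSB first; len(data)*8 must be a multiple of 5."""
    n = int.from_bytes(data, "big")
    bits = len(data) * 8
    return "".join(ZB32[(n >> s) & 31] for s in range(bits - 5, -1, -5))


def wkd_urls(address: str) -> dict:
    """Return the advanced and direct WKD request URIs for an address."""
    local, domain = address.rsplit("@", 1)
    domain = domain.lower()
    # The hashed-userid is SHA-1 over the lowercased local part.
    hu = zbase32(hashlib.sha1(local.lower().encode("utf-8")).digest())
    tail = f"hu/{hu}?l={quote(local)}"
    return {
        "advanced": f"https://openpgpkey.{domain}/.well-known/openpgpkey/{domain}/{tail}",
        "direct": f"https://{domain}/.well-known/openpgpkey/{tail}",
    }


def select_method(domain: str, resolves) -> str:
    """Strict reading of section 3.1: fall back to the direct method only
    when the openpgpkey sub-domain does not exist. A later HTTP 404 or a
    certificate mismatch on that host does not trigger the fallback.
    `resolves` is an injected callable(hostname) -> bool (assumption, so
    the example runs offline)."""
    return "advanced" if resolves("openpgpkey." + domain.lower()) else "direct"


# Constructed resolvers: a wildcard zone where every name under github.com
# resolves, and an ordinary zone with no openpgpkey record.
def wildcard_github(host: str) -> bool:
    return host.endswith(".github.com")


def no_subdomain(host: str) -> bool:
    return False


if __name__ == "__main__":
    print(wkd_urls("Joe.Doe@Example.ORG"))
    print(select_method("sac001.github.com", wildcard_github))  # advanced
    print(select_method("example.org", no_subdomain))           # direct
```
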