On Wed, Jan 13, 2021 at 12:00 AM André Colomb <an...@colomb.de> wrote: > > On 12/01/2021 23.47, Stefan Claas wrote: > > Mmmh ... github.io or GitHub does *not* have issues with wildcard > > domains ... > > Here we are back at you denying facts, or maybe just generalizing too > much. As several others have put it already: > > When "browsing" to openpgpkey.sac001.github.io with whatever reasonable > HTTPS client, you are directed to an IP address. The web server at that > IP address presents a certificate for (among others) *.github.io. This > certificate is *invalid* for the originally entered domain name. No > matter how many times you deny it. > > For sac001.github.io, the certificate is *valid*. Nobody ever > questioned that. But it doesn't mean the above is untrue. > > Stay safe. > André
Why in the name of (whoever) does one need to browse a URL, with an openpgp part, If my browser does not allow me (AFAIK) to see it's content in that openpgp folder, or why do I/we need that for fetching securely a pub.key, if the direct method works (with sequoia-pgp) and Wiktor's WKD checker gives a green light for direct and IIRC you initally said direct for fetching is fine? Ok, I must say good night know, because I must get up early today. Stay safe too! Regards Stefan _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users