On 2021-01-09 at 14:37 +0100, Stefan Claas via Gnupg-users wrote: > I believe GitHub is doing it right, because it is a > valid option according to their SSL cert data, and Werner simply > overlooked this option.
It is not. A certificate for *.github.io doesn't cover openpgpkey.sac001.github.io See rule #2 of https://tools.ietf.org/html/rfc6125#section-6.4.3 It is also quite normal that they don't have certificates for "subsubdomains". I don't see an option in GitHub pages to configure further subdomains, and given that github usernames can't contain dots, it doesn't seem such "subsubdomains" would be used, so GitHub should probably stop resolving them. Best regards _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users