On Sat, Jan 9, 2021 at 11:42 PM Ángel <an...@pgp.16bits.net> wrote: > > On 2021-01-09 at 14:37 +0100, Stefan Claas via Gnupg-users wrote: > > I believe GitHub is doing it right, because it is a > > valid option according to their SSL cert data, and Werner simply > > overlooked this option. > > It is not. A certificate for *.github.io doesn't cover > openpgpkey.sac001.github.io > See rule #2 of https://tools.ietf.org/html/rfc6125#section-6.4.3
I was refering to wildcard subdomains, like my sac001.github.io subdomain, which is covered by GitHub's SSL cert. > > > It is also quite normal that they don't have certificates for > "subsubdomains". I don't see an option in GitHub pages to configure > further subdomains, and given that github usernames can't contain dots, > it doesn't seem such "subsubdomains" would be used, so GitHub should > probably stop resolving them. Yes, the openpgpkeys. part which Ingo showed with my domain and the IP addresses. Like I said in my previous reply to Ingo, It would be nice if GitHub staff would see this thread and talk with Werner. Regards Stefan _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
