On Sun, Jan 10, 2021 at 11:22 PM Ángel <an...@pgp.16bits.net> wrote:
>
> On 2021-01-10 at 18:47 +0100, Stefan Claas via Gnupg-users wrote:
> > Can you tell me/us in laymen terms how this works with gnupg.org?
> >
> > openpgpkey.gnupg.org has address 217.69.77.222
> > openpgpkey.gnupg.org has IPv6 address 2001:aa8:fff1:100::22
> >
> > Regards
> > Stefan
>
> Sure. Let's suppose you wanted to fetch Werner's key. You want the key
> for w...@gnupg.org Using --with-wkd-hash parameter, we can see that this
> would generate nq6t9teux7edsnwdksswydu4o9i5e...@gnupg.org
>
> Then, the key of Werner lives at
> https://openpgpkey.gnupg.org/.well-known/openpgpkey/gnupg.org/hu/nq6t9teux7edsnwdksswydu4o9i5es3f
>
> If openpgpkey.gnupg.org didn't exist, then it would use the direct schema, in 
> which the key would be at
> https://gnupg.org/.well-known/openpgpkey/hu/nq6t9teux7edsnwdksswydu4o9i5es3f

Thanks, so I think the culprit could be that maybe the specs were
changed, when I
look at your links, including the gnupg.org domain as a folder, which
I never set-up
when doing this for my 300baud.de domain. I checked also older WKD tutorials
on the Internet and they do not mention a domain folder either.

I tried to include this domain folder, this morning, named sac001 but it did not
work either, whether with GnuPG or sequioa-pgp.

So my guess is that GnuPG gives this cert error because it does not support
wildcard subdomains, included in an SSL cert, like the GitHub one.

Not sure if Let's Encrypt issues such certs. If, I could set-up two droplets at
Digital Ocean, a bob.300baud.de one and an alice.300baud.de one and see
what happens.

Regards
Stefan

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Reply via email to