On 12/01/2021 22:17, Stefan Claas wrote: > On Tue, Jan 12, 2021 at 10:09 PM Daniele Nicolodi <dani...@grinta.net> wrote: >> >> On 12/01/2021 20:40, Stefan Claas via Gnupg-users wrote: >>> On Tue, Jan 12, 2021 at 8:17 PM André Colomb <an...@colomb.de> wrote: >>>> >>>> Hi Stefan, >>> >>>> So there are two "bugs" involved here. 1. GitHub presenting an invalid >>>> certificate for the sub-subdomain and 2. Sequoia not noticing that. >>>> Neither of these are bugs in GnuPG. If you can accept these facts, then >>>> it makes sense to further discuss what could be changed where to make >>>> your desired setup work. Maybe that discussion will lead to a concise >>>> change proposal. >>> >>> Hi Andre, currently I can only accept the fact that these two "bugs" are >>> currently not resolved in GnuPG and gpg4win, if you allow me to >>> formulate it this way. >> >> How can GPG solve bugs that are not in the GPG code or infrastructure? I >> think André did a great job explaining what the issues are. How do you >> think they can be addressed by GPG? > > If you followed the whole thread you may agree that GnuPG and gpg4win, > due to the way of how WKD is implemented does not allow wildcard (sub)domains, > when fetching a pub key from, for example, github.io pages, because it gives > a cert error for a *valid* SSL cert, while other OpenPGP software, > like sequoia-pgp, > can handle this.
It has been explained (several times now) that this is not the cases: the certificates are invalid for sub-subdomains. Why are you insisting that they are? Cheers, Dan _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
