Hey list, On 11.02.25 13:28, Werner Koch via Gnupg-users wrote:
CNAME will only work if the final webserver has a certificate for the actual domain or the one with the "openpgpkey." prefix. Thus I don't understand how Vincent's hack can work without delegating the ownership of one's own domain to his server.
That is indeed how it works - you delegate the openpgpkey subdomain to our gateway server, and we do the rest. Not that much different from delegating a domain's mail responsibility via an MX record in that sense, and fortunately the "openpgpkey" subdomain is neatly compartmentalized for just that purpose :)
It's of course a matter of trust. But for a fair amount of people, it seems to be a reasonable tradeoff.
Cheers - V _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org https://lists.gnupg.org/mailman/listinfo/gnupg-users
