On Tue, Feb 11, 2025 at 05:44:49PM +0100, Vincent Breitmoser via Gnupg-users wrote: > > The openpgpkey prefix thingy was only introduced to work around the > > t-online.de/Stroehr website and DNS responsibility mess. I wished I > > never had introduced that - in particular because t-online then never > > introduced WKD. > > Yeah. Bummer it didn't work out with them, but I wager they're not the only > ones with this management problem. Placing content directly on the main > domain is certainly much more difficult in terms of processes and ownership > than adding a specialized subdomain.
100% agree with Vincent here. The prefix (or another DNS-based indirection mechanism from the domain apex) is absolutely required to deploy this kind of less-known feature for a mid-size or larger organization. Getting enough buy-in to have a DNS name added to a domain representing the company brand is often hard enough. Getting changes to the corporate site or company's primary service site is often close enough to impossible: whatever HTTP service lives at the apex will often by operated by consultants operating an outsourced CMS fronted by an outsourced cache farm fronted by an outsourced WAF, which will nowadays often block anything that looks like "automated" access. All of this will be zealously guarded by extremely risk-averse PR and IT/security departments. I have plenty of stories about getting a single, static, business-critical file deployed to the apex site of a large corporation. Without going into detail, you can often expect a multi-week if not multi-month effort involving upper management for that single file. -Valtteri _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org https://lists.gnupg.org/mailman/listinfo/gnupg-users
