On 14 Feb 2025, at 13:12, Klaus Ethgen wrote:
>
> Do I get something wrong? That WKS system is used by Gnupg and not by a
> Browser...?
It’s used by many openpgp clients, some of which do run in the browser.
A
___
Gnupg-users mailing list
Gnupg-users
Hi,
Am Fr den 14. Feb 2025 um 8:02 schrieb Werner Koch via Gnupg-users:
> with browser vendors not support basic DNS lookup features in their
> browsers. Using SRV records would have been the Right Thing.
Do I get something wrong? That WKS system is used by Gnupg and not by a
Browser...?
Brows
On Wed, 12 Feb 2025 12:48, Valtteri Vuorikoski said:
> 100% agree with Vincent here. The prefix (or another DNS-based indirection
> mechanism from the domain apex) is absolutely required to deploy this kind of
I agree too. Maybe I forgot to mention that the whole trouble started
with browser ven
On Tue, Feb 11, 2025 at 05:44:49PM +0100, Vincent Breitmoser via Gnupg-users
wrote:
> > The openpgpkey prefix thingy was only introduced to work around the
> > t-online.de/Stroehr website and DNS responsibility mess. I wished I
> > never had introduced that - in particular because t-online then n
Hey Werner, list,
On 11.02.25 17:17, Werner Koch wrote:
It's of course a matter of trust. But for a fair amount of people, it
seems to be a reasonable tradeoff.
[ This also works around the trust model of WKD which claims that you are
the owner of your domain.]
I'm not sure I follow. If I
> It's of course a matter of trust. But for a fair amount of people, it
> seems to be a reasonable tradeoff.
[ This also works around the trust model of WKD which claims that you are
the owner of your domain.]
The openpgpkey prefix thingy was only introduced to work around the
t-online.de/Stro
Hey list,
On 11.02.25 13:28, Werner Koch via Gnupg-users wrote:
CNAME will only work if the final webserver has a certificate for the
actual domain or the one with the "openpgpkey." prefix. Thus I don't
understand how Vincent's hack can work without delegating the ownership
of one's own domain
On Mon, 3 Feb 2025 12:44, Klaus Ethgen said:
> First of all, I did the easiest way in DNS:
> openpgpkey IN CNAME wkd.keys.openpgp.org.
CNAME will only work if the final webserver has a certificate for the
actual domain or the one with the "openpgpkey." prefix. Thus I don't
understand how Vi
Hi Slavko,
I'll try to share the little knowledge I have.
Am So den 2. Feb 2025 um 12:35 schrieb Slavko via mailop:
> https://openpgpkey.example.com/.well-known/openpgpkey/example.com/hu/...
[...]
> https://openpgpkey.example.com/.well-known/openpgpkey/hu/...
First of all, I did the eas
