Closed herrernst closed 9 years ago
mxstbr
commented
9 years ago I think it'd make the project too complicated, and I'm not quite sure of the use case. Why would anybody from the outside have to write an encrypted e-mail to an employee with the company e-mail address?
Also, don't you loose the control over the key? The sysadmin of the company/web server could upload whatever key he wants to the server, so I can't be sure it's exactly your key.
anselmh
commented
9 years ago I don’t think that’s possible with this project. I’d rather prefer serving it from a personalized subdomain in such a case. The issue is what @mstoiber said already. Also, it’s impossible to assume your key again if it doesn’t follow an official naming scheme. But as stated in README you could name it the way you want and link it with the meta tag still.
This project follows more the indieweb approach which assumes that you have your own (sub-)domain.
But we can come up with a better approach, I see no reason to not do it.
herrernst
commented
9 years ago Good points, thanks for discussion.
Would it be good to allow more than one key per domain, without including it in html markup? For example, for user
bob@example.com, try to fetch key fromhttps://example.com/bob.asc, and only use/pgp.ascif not found?