[Web Key Directory] Custom domains return wrong PGP keys

I have the key 74EDD2488126072A9E9FD0C7348F97E620E0BA7A which contains the emails nico@cropp.lol and nicolas@omg.lol. My cropp.lol domain is pointed at omg.lol servers, and I used Switchboard to point it at my web page.

When looking up the key address “nicolas@omg.lol” it returns my key correctly.
When looking up “nico@cropp.lol” it returns the key of the user “nico@omg.lol” who isn’t me. The domain cropp.lol goes to omg.lol servers, and omg.lol returns the key for “nico” instead of considering that domain as mine, and returning the key for “nicolas”.

Per Adam in IRC, “with web key directory, I either need to not serve a key for external domains, or I need to check all uploaded keys for matching emails”. Leaving that here so he can read it later. :slight_smile:


Thanks for capturing this here. The fix will be in place shortly!

1 Like