https link method should use `.well-known`

Question

https link method should use `.well-known`

devsnek opened this issue 5 years ago · 9 comments

The url should be https://example.com/.well-known/keyspub.txt. See https://tools.ietf.org/html/rfc8615 and https://www.iana.org/assignments/well-known-uris/well-known-uris.xhtml and maybe https://en.wikipedia.org/wiki/List_of_/.well-known/_services_offered_by_webservers

Answer 1 · 2020-05-07T20:02:37.000Z

My gut reaction is worrying that somehow a hacker could get access to that directory more easily, but that doesn't seem right.

I could whitelist that location so both are valid?
https://example.com/keyspub.txt
https://example.com/.well-known/keyspub.txt

Answer 2 · 2020-05-07T20:48:44.000Z

Both also works

Answer 3 · 2020-05-10T17:59:20.000Z

I am not sure whether GitHub pages serve folders starting with a dot, so keeping a location outside of .well-known might be a good thing.

Answer 4 · 2020-05-10T18:39:46.000Z

It can using a _config.yml:

include:
  - ".well-known"

Answer 5 · 2020-05-20T01:37:55.000Z

This will land in the next version, see #49

Answer 6 · 2020-06-04T00:37:22.000Z

Fixed in 0.0.47.

Answer 7 · 2020-06-22T11:37:54.000Z

I have that version (at least my version suggests to use .well-known) but it didn't find the file (literally saying 404). Moving it to the root folder worked.

Answer 8 · 2020-06-25T23:13:26.000Z

Oops, this is not working. Re-opening.

Thanks for reporting the issue.

Answer 9 · 2020-06-25T23:31:26.000Z

Fixed in keys-pub/app@73cf025. Will be in next release.