Large keys and the keybox

Daniel Kahn Gillmor dkg at fifthhorseman.net
Thu Oct 9 21:47:40 CEST 2014


On 10/09/2014 03:09 PM, Werner Koch wrote:
> The largest Key currently allowed are 2 MiB (formerly 1 MB).  With this
> patch and reducing the limit for testing to 1 MiB I get this on my test
> ring:

Does this limit size of an entire OpenPGP certificate, or just the key
itself?

> Eventually we may need to add an option to increase the limit,
> but we should really keep one to not eat up all memory on small devices.

yeah, there are DoS tradeoffs in both directions, unfortunately.

	--dkg

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 949 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20141009/27837b6d/attachment.sig>


More information about the Gnupg-devel mailing list