Stop-gap for signature flooded keys

Daniel Kahn Gillmor dkg at
Mon Jul 1 19:13:37 CEST 2019

On Mon 2019-07-01 18:57:03 +0200, Werner Koch via Gnupg-devel wrote:
> into gpg.conf to skip all key-signatures at an early import stage.  This
> will go into 2.2.17.  We track this problem at

Thanks for taking the time to work on this, Werner.  I don't think this
is an appropriate fix, though.

As I've commented on T4591,

  If i am going to tell anyone "hey, do this weird thing differently in
  order to fetch my key", i will tell them "pull it from". I will never tell
  anyone to use import-self-sigs-only.

  Not only that, but the current implementation of import-self-sigs-only
  also does not appear to be robust against a malicious certificate
  flood given SKS's lack of cryptographic validation. Adding a new
  option to an already-crowded space is not the right solution. The
  right solution is for gpg to be more defensive about the OpenPGP
  packets it receives, regardless of who it receives them from.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 227 bytes
Desc: not available
URL: <>

More information about the Gnupg-devel mailing list