Stop-gap for signature flooded keys
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Mon Jul 1 19:13:37 CEST 2019
On Mon 2019-07-01 18:57:03 +0200, Werner Koch via Gnupg-devel wrote:
> into gpg.conf to skip all key-signatures at an early import stage. This
> will go into 2.2.17. We track this problem at https://dev.gnupg.org/T4591
Thanks for taking the time to work on this, Werner. I don't think this
is an appropriate fix, though.
As I've commented on T4591,
If i am going to tell anyone "hey, do this weird thing differently in
order to fetch my key", i will tell them "pull it from
https://dkg.fifthhorseman.net/dkg-openpgp.key". I will never tell
anyone to use import-self-sigs-only.
Not only that, but the current implementation of import-self-sigs-only
also does not appear to be robust against a malicious certificate
flood given SKS's lack of cryptographic validation. Adding a new
option to an already-crowded space is not the right solution. The
right solution is for gpg to be more defensive about the OpenPGP
packets it receives, regardless of who it receives them from.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 227 bytes
Desc: not available
More information about the Gnupg-devel