duplicate keyid survey results

Hironobu SUZUKI hironobu@h2np.net
Mon Mar 11 01:08:01 2002


> they know what they're using is not secure, that it is attackable,
> in many different ways.  The fixes for the insecurities in v3 are
> what became part of v4.

Some attacks are effective not only user client but also keyserver.
If keyserver found duplicate key then return "Found duplicate
key". It's OK. It's little cost.  If keyserver found duplicate key
then return all of key contents.  It is a possibility of DoS not only
user client but also keyserver. v3 is problem but we have to support.

-- 
Hironobu SUZUKI
E-Mail: hironobu@h2np.net
URL: http://h2np.net