PGP Key Poisoner

Alessandro Vesely vesely at
Tue Aug 13 09:54:01 CEST 2019

On Mon 12/Aug/2019 19:27:49 +0200 Peter Lebbing wrote:
> On 12/08/2019 18:39, Stefan Claas via Gnupg-users wrote:
>> Why was is then not fixed a decade ago, like it was done with 2.2.17?
> There is no fix for the SKS keyserver network, which explains why it
> wasn't fixed in 2.2.17 either. In fact, fixes have been deployed over
> the last several years. DANE, WKD, Autocrypt, work on

This and John Z mentioning OCaml seem to point a finger in the wrong
direction.  The key poisoner shows that 200000 signatures can be
handled in a few seconds (I didn't try, I trust the author).  More
than a reasonable number of signatures makes no sense in practice, so
I agree lists should somehow be "fixed" so as not to accept an
unreasonable number of signatures (reasonable == 2??)

The bug, however, is in the program that chokes on poisoned keys!

Was that fixed, yet?


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: OpenPGP digital signature
URL: <>

More information about the Gnupg-users mailing list