PGP Key Poisoner

Alessandro Vesely vesely at tana.it
Tue Aug 13 09:54:01 CEST 2019


On Mon 12/Aug/2019 19:27:49 +0200 Peter Lebbing wrote:
> On 12/08/2019 18:39, Stefan Claas via Gnupg-users wrote:
>> Why was it then not fixed a decade ago, like it was done with 2.2.17?
> 
> There is no fix for the SKS keyserver network, which explains why it
> wasn't fixed in 2.2.17 either. In fact, fixes have been deployed over
> the last several years. DANE, WKD, Autocrypt, work on
> keys.openpgp.org...


This and John Z mentioning OCaml seem to point a finger in the wrong
direction.  The key poisoner shows that 200000 signatures can be
handled in a few seconds (I didn't try, I trust the author).  More
than a reasonable number of signatures makes no sense in practice, so
I agree lists should somehow be "fixed" so as not to accept an
unreasonable number of signatures (reasonable == 2??)

The bug, however, is in the program that chokes on poisoned keys!

Was that fixed, yet?


Best
Ale
