PGP Key Poisoner
Werner Koch
wk at gnupg.org
Tue Aug 13 12:08:31 CEST 2019
On Tue, 13 Aug 2019 09:54, gnupg-users at gnupg.org said:

> The bug, however, is in the program that chokes on poisoned keys!

Nope. This is a long-standing DoS protection by limiting the total
length of a keyblock. The diagnostics were a bit misleading, though.

The time it took to process all these signatures during importing is due
to a fix and out of order keyblock functions which has been enabled by
default in 2.1. It should be obvious that checking several thousands of
signatures and finding the matching user-id takes its time.

Anyway, given that these keys are real, the approach with 2.2.17 is to
auto-retry an import with import-clean etc. if the keyblock size hits
the size limit. For keyserver imports import-clean is also the default.

Salam-Shalom,

   Werner

--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.