gpg > addphoto

Stefan Claas sac at 300baud.de
Tue Jan 8 20:16:59 CET 2019


On Tue, 8 Jan 2019 18:50:12 +0100, Peter Lebbing wrote:
Hi Peter,

[snip]

> I hope I did a good job of explaining my meaning this time around.

Yes, i think you did, even if i see things a bit different. But no worries! :-)

Since this is an interesting subject, i believe, i may check out how much
payload can be put in such large jpeg images, just out of of interest
and i may, if time allows, try to get hold of a complete key server dump
to try to see if i can find something interesting.

> But I'd like to tack on even more thoughts :-). Because finally, what
> GnuPG enforces is again something different from what the keyserver
> network enforces. If you're worried about big images or other data being
> uploaded to the keyservers, the place to fix that would be the
> keyservers, not GnuPG, because a bad actor could just change their own
> GnuPG. But they can't change the code running in the public keyserver
> network other than by running their own keyserver.

Yes, agreed! However, as it currently is there is no need for bad actors
because people have plenty of image space in a key.

Regards
Stefan



More information about the Gnupg-users mailing list