gpg > addphoto
Damien Goutte-Gattat
dgouttegattat at incenp.org
Thu Jan 10 00:13:33 CET 2019
On Wed, Jan 09, 2019 at 11:29:06PM +0100, dirk1980ac via Gnupg-users wrote:
> > I only wanted to know why such a large image size in the first
> > place was chosen, when GnuPG suggest a much much smaller
> > size. :-)
>
> I think the 16M are from times, where RAM was nbot measured in GB.
Not quite. If you look at the code’s history, you’ll find that the 16MB
limit is actually from 2014 [1]. There was no limitation on the size of
user attribute packets before that.
It is wise to be careful when you abruptly introduce a limitation that
did not exist before; 16MB was chosen because it is big enough to avoid
breaking any existing key with a legitimate user attribute packet, while
still preventing DoS attempts with deliberately oversized packets.
Of note, the OpenPGP RFC does allow arbitrary large attribute packets,
which means that strictly speaking, GnuPG is already "wrong" to reject a
packet larger than 16MB.
- Damien
[1] https://dev.gnupg.org/rGbab9cdd971f35ff47e153c00034c95e7ffeaa09a
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 228 bytes
Desc: not available
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20190109/0c87d28e/attachment.sig>
More information about the Gnupg-users
mailing list