gpg > addphoto

Stefan Claas sac at 300baud.de
Thu Jan 10 16:23:05 CET 2019


On Thu, 10 Jan 2019 09:41:59 +1100, gnupg at raf.org wrote:
> Stefan Claas wrote:
> 
> > I only wanted to know why such a large image size in the first
> > place was chosen, when GnuPG suggest a much much smaller
> > size. :-)  
> 
> I'd guess that it's not about image size. It's a
> maximum packet size. 

Sorry, yes you are right it is the maximum packet size,
but as understood used for images only. Or are there
any more attribute packets like No. 1? (i have to check
the draft, i guess.)

>Things other than images have to
> go in there as well (although an image would no doubt
> usually take up most of the space). 

There are different packets for each purpose, as understood.

> It's part of GNU philosophy to not implement unnecessary
> hard limits in software but one good reason to impose limits
> is to prevent denial of service conditions. 

What i really don't get with this DoS stuff is when one uses with
friends etc. the regular version of GnuPG / PGP and obtains the
keys from friends, checks the fingerprint why should one worry?
Sure, if i customize the source code I can do such stuff to other keys
on SKS key servers, but then people can still ask their friends and
say "hi there seems to be something wrong with your key, can you
mail me please a copy".

Or are there cases when messages are in transient and can those
be quickly modified, so that GnuPG crashes (your system)?

Regards
Stefan



More information about the Gnupg-users mailing list