keyserver-options: self-sigs-only, import-clean, import-minimal

Werner Koch wk at
Wed Jul 3 09:13:08 CEST 2019

On Wed,  3 Jul 2019 12:35, gnupg-users at said:

> problem but I have read RJH's article). It sounds like SKS servers can
> handle these poisoned keys but GPG can't. That suggests that maybe GPG's

I think here is a misunderstanding.  Sure, processing 150k signatures
takes quite some time and makes things very slow.  This is why we call
it a DoS.  We can't do much about it.  Compare it to X.509 CRLs - they
have a very similar problem ( is a prominent but not the only
example of CRLs making S/MIME processing very slow).

The actual problem in gpg when using the keybox format is that only
after processing the imported keys we hit a 5MiB limit for the keyblock
in the database layer.  Thus the import fails.  Determining the size of
the keyblock as it will be stored requires that we first remove some
(standard) garbage from the keyblock - this takes some time.  With the
currently deployed code gpg will just reject any updates from a key if
that limit was reached.  That is not a good choice and the reason why I
call it a bug.   The fix to this bug is to fallback importing a stripped
down version of the key.  The current state is that we keep only
self-signatures and then then import again with import-clean (which is
then basically identical to import-minimal).

> For example, if the problem is overuse of resources such as memory, could
> the keyring handling code be rewritten to use fewer resources? e.g. treat

Years ago we had the problem that people uploaded keys with large user
ids and such.  Thus we introduced limits to avoid spamming the keyring
with such faked data.  There is also an overall limit of 5 MiB for the
entire keyblock which is sufficient for all real-world keyblocks - even
for those with many key-signatures.

> signatures when importing a key, perhaps there could be a limit to how many
> signatures GPG will verify. Does it really have to verify every single one?

It needs to validate all self-signature because they make up the
integrity of the keyblock.  For key-signature, sure we could introduce a
limit, we actually do that with import-clean because that imports only
those key-signature which we can verify and which are the latest from the
same key (it is possible to sign a key several times to change meta data
associated with the key-signature).



Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 227 bytes
Desc: not available
URL: <>

More information about the Gnupg-users mailing list