keyserver-options: self-sigs-only, import-clean, import-minimal

raf gnupg at
Thu Jul 4 03:42:09 CEST 2019

Werner Koch via Gnupg-users wrote:

> On Wed,  3 Jul 2019 12:35, gnupg-users at said:
> > problem but I have read RJH's article). It sounds like SKS servers can
> > handle these poisoned keys but GPG can't. That suggests that maybe GPG's
> I think here is a misunderstanding.  Sure, processing 150k signatures
> takes quite some time and makes things very slow.  This is why we call
> it a DoS.  We can't do much about it.  Compare it to X.509 CRLs - they
> have a very similar problem ( is a prominent but not the only
> example of CRLs making S/MIME processing very slow).
> The actual problem in gpg when using the keybox format is that only
> after processing the imported keys we hit a 5MiB limit for the keyblock
> in the database layer.  Thus the import fails.  Determining the size of
> the keyblock as it will be stored requires that we first remove some
> (standard) garbage from the keyblock - this takes some time.  With the
> currently deployed code gpg will just reject any updates from a key if
> that limit was reached.  That is not a good choice and the reason why I
> call it a bug.   The fix to this bug is to fallback importing a stripped
> down version of the key.  The current state is that we keep only
> self-signatures and then then import again with import-clean (which is
> then basically identical to import-minimal).
> > For example, if the problem is overuse of resources such as memory, could
> > the keyring handling code be rewritten to use fewer resources? e.g. treat
> Years ago we had the problem that people uploaded keys with large user
> ids and such.  Thus we introduced limits to avoid spamming the keyring
> with such faked data.  There is also an overall limit of 5 MiB for the
> entire keyblock which is sufficient for all real-world keyblocks - even
> for those with many key-signatures.
> > signatures when importing a key, perhaps there could be a limit to how many
> > signatures GPG will verify. Does it really have to verify every single one?
> It needs to validate all self-signature because they make up the
> integrity of the keyblock.  For key-signature, sure we could introduce a
> limit, we actually do that with import-clean because that imports only
> those key-signature which we can verify and which are the latest from the
> same key (it is possible to sign a key several times to change meta data
> associated with the key-signature).
> Salam-Shalom,
>    Werner
> -- 
> Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.

Hi Werner,

Thanks for the detailed explanation.
And thanks for gpg.


More information about the Gnupg-users mailing list