[Keyserver] Hockeypuck 2.1.0 released

Andrew Gallagher andrewg at andrewg.com
Thu Dec 10 20:59:46 CET 2020

How do you handle the gradual degradation of sync as different operators 
implement divergent blacklists?


On 10/12/2020 17:07, Casey Marshall wrote:
> I've released Hockeypuck 2.1.0 
> <https://github.com/hockeypuck/hockeypuck/releases/tag/2.1.0> [0], which 
> contains several new features that may be useful to mitigate 
> spamming/flooding/DoS [1] attacks on GnuPG and keyservers. See the 
> release link for details, but here's the highlights:
>   * Configurable key length and packet size limits, with sensible
>     defaults to limit keyserver resource consumption (1MB and 8K
>     respectively).
>   * Configurable blacklist of primary key fingerprints.
>   * Authenticated key management. This adds a couple of extra endpoints
>     which allow a key owner to replace and delete their key,
>     authenticated by signing the armored key in the request. This allows
>     a key owner to still update their own key once it has been inflated
>     beyond the key length limit.
> Blacklists and auth key management may also be of interest to keyserver 
> operators subject to GDPR-related requests.
> -Casey
> [0] https://github.com/hockeypuck/hockeypuck/releases/tag/2.1.0 
> <https://github.com/hockeypuck/hockeypuck/releases/tag/2.1.0>
> [1] https://gist.github.com/rjhansen/67ab921ffb4084c865b3618d6955275f 
> <https://gist.github.com/rjhansen/67ab921ffb4084c865b3618d6955275f>

Andrew Gallagher

-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20201210/0dcb94f1/attachment.sig>

More information about the Gnupg-users mailing list