On Wed, Jan 09, 2019 at 11:29:06PM +0100, dirk1980ac via Gnupg-users wrote: > > I only wanted to know why such a large image size in the first > > place was chosen, when GnuPG suggest a much much smaller > > size. :-) > > I think the 16M are from times, where RAM was nbot measured in GB.
Not quite. If you look at the code’s history, you’ll find that the 16MB limit is actually from 2014 [1]. There was no limitation on the size of user attribute packets before that. It is wise to be careful when you abruptly introduce a limitation that did not exist before; 16MB was chosen because it is big enough to avoid breaking any existing key with a legitimate user attribute packet, while still preventing DoS attempts with deliberately oversized packets. Of note, the OpenPGP RFC does allow arbitrary large attribute packets, which means that strictly speaking, GnuPG is already "wrong" to reject a packet larger than 16MB. - Damien [1] https://dev.gnupg.org/rGbab9cdd971f35ff47e153c00034c95e7ffeaa09a
signature.asc
Description: PGP signature
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users