On 13-01-2015 21:38, Werner Koch wrote: > Well, we could also change the code > to trial verify with all key ids but that takes longer than needed and > may by itself be used as a DoS.
You don't need to test all keyID's - just those with the same key ID. Assuming this is a rare occasion and someone's keyring is not flooded with keys with the same ID (in that case you are probably under some kind of attack and might investigate), you can even detect and store this condition somewere when importing the key and checking this probably very short list if key ID's that appear multiple times. I wonder what this would do with the keyserver network. They probably need adapting too. -- ir. J.C.A. Wevers PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
