On Mon 12/Aug/2019 19:27:49 +0200 Peter Lebbing wrote: > On 12/08/2019 18:39, Stefan Claas via Gnupg-users wrote: >> Why was is then not fixed a decade ago, like it was done with 2.2.17? > > There is no fix for the SKS keyserver network, which explains why it > wasn't fixed in 2.2.17 either. In fact, fixes have been deployed over > the last several years. DANE, WKD, Autocrypt, work on > keys.openpgp.org...
This and John Z mentioning OCaml seem to point a finger in the wrong direction. The key poisoner shows that 200000 signatures can be handled in a few seconds (I didn't try, I trust the author). More than a reasonable number of signatures makes no sense in practice, so I agree lists should somehow be "fixed" so as not to accept an unreasonable number of signatures (reasonable == 2??) The bug, however, is in the program that chokes on poisoned keys! Was that fixed, yet? Best Ale
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users