On Fri 2015-04-10 03:32:20 -0400, Kiss Gabor (Bitman) wrote:
>> sks 1.1.5+ requires round about 300MB in main memory on key.cccmz.de and
>> key.ip6.li. May be there is a problem, when haproxy is used in tcp mode to
>> proxy port 11370. key.ip6.li did not have problems, but a test system has
>> also
>> memory problems.
>>
>> On key.cccmz.de I replaced haproxy solution by native IPv6 solution and IP
>> NAT
>> for IPv4.
>
> Dear Christian et al.
>
> This morning I did realize that keys.niif.hu is not configured at
> keys.cccmz.de as peer. See
> https://sks-keyservers.net/status/info/key.cccmz.de
> That _can_ be the reason of extreme memory consuming at my side. :-)
I consider this a bug in SKS, if it can overconsume RAM on the basis of
one misbehaving or rejecting peer.
the implication is that a network attacker can force any SKS server into
this state.
Have you filed a bug report about this? Having a clear diagnosis of the
problem (and how to reproduce it?) would be really useful.
--dkg
_______________________________________________
Sks-devel mailing list
Sks-devel@nongnu.org
https://lists.nongnu.org/mailman/listinfo/sks-devel
