Daniel Roesler wrote: > Uploading user attribute packets with bogus self-signatures is > probably the easiest way to DoS the entire keyserver network. A bot > could add 1TB of bloat to the keyserver network by adding 5MB (to stay > under the limit) user attribute images to only 200k public keys. By > contrast, assuming a signature is 2KB, they would need to submit 200m > bogus signatures to have the same impact.
Then again, generating a batch of bogus signatures is a rather trivial task as well. And it seems just as easy to upload 5MB with bogus new signatures to a key as 5MB with user attribute images. Johan
pgpfC9PFmSX9y.pgp
Description: PGP signature
_______________________________________________ Sks-devel mailing list Sks-devel@nongnu.org https://lists.nongnu.org/mailman/listinfo/sks-devel