On 18-05-15 21:26, Johan van Selst wrote: > Daniel Roesler wrote: >> Uploading user attribute packets with bogus self-signatures is >> probably the easiest way to DoS the entire keyserver network. A bot >> could add 1TB of bloat to the keyserver network by adding 5MB (to stay >> under the limit) user attribute images to only 200k public keys. By >> contrast, assuming a signature is 2KB, they would need to submit 200m >> bogus signatures to have the same impact. > > Then again, generating a batch of bogus signatures is a rather trivial > task as well.
So Johan, do you mean "let's do nothing, as this single one proposal does not protect us from *all* evil"? Or do you mean "we have to implement the proposal and think about how we can mitigate other attack vectors to the SKS-network", like the one you mentioned? Regards, Arnold _______________________________________________ Sks-devel mailing list Sks-devel@nongnu.org https://lists.nongnu.org/mailman/listinfo/sks-devel