At Wed, 25 May 2016 00:04:05 +0200, Arnold wrote: > > On 24-05-16 18:17, Tobias Frei wrote: > > Adding proof of work can only prevent an attack that depends on a huge > > number of > > useless keys. > > Setting a maximum upload size can help and is easy to implement locally. > Further, > it is possible to limit the rate at which a single IP (or IPv6/64) can upload > new > or updated keys.
A determined attacker can already simply increment their IID on a v6 capable interface through a /64... so I'm not sure limits/ip are helpful. A coordinated botnet of ~200k (not unheard of) ipv4 connected endpoints could also busily upload to local keyservers 1 key per second. -chris _______________________________________________ Sks-devel mailing list Sks-devel@nongnu.org https://lists.nongnu.org/mailman/listinfo/sks-devel