Werner Koch via Gnupg-users wrote:
> On Wed, 3 Jul 2019 12:35, [email protected] said:
>
> > problem but I have read RJH's article). It sounds like SKS servers can
> > handle these poisoned keys but GPG can't. That suggests that maybe GPG's
>
> I think there is a misunderstanding here. Sure, processing 150k signatures
> takes quite some time and makes things very slow. This is why we call
> it a DoS. We can't do much about it. Compare it to X.509 CRLs - they
> have a very similar problem (cacert.org is a prominent but not the only
> example of CRLs making S/MIME processing very slow).
>
> The actual problem in gpg when using the keybox format is that only
> after processing the imported keys we hit a 5 MiB limit for the keyblock
> in the database layer. Thus the import fails. Determining the size of
> the keyblock as it will be stored requires that we first remove some
> (standard) garbage from the keyblock - this takes some time. With the
> currently deployed code gpg will just reject any updates from a key if
> that limit was reached. That is not a good choice and the reason why I
> call it a bug. The fix to this bug is to fall back to importing a stripped
> down version of the key. The current state is that we keep only
> self-signatures and then import again with import-clean (which is
> then basically identical to import-minimal).
>
> > For example, if the problem is overuse of resources such as memory, could
> > the keyring handling code be rewritten to use fewer resources? e.g. treat
>
> Years ago we had the problem that people uploaded keys with large user
> ids and such. Thus we introduced limits to avoid spamming the keyring
> with such faked data. There is also an overall limit of 5 MiB for the
> entire keyblock which is sufficient for all real-world keyblocks - even
> for those with many key-signatures.
>
> > signatures when importing a key, perhaps there could be a limit to how many
> > signatures GPG will verify. Does it really have to verify every single one?
>
> It needs to validate all self-signatures because they make up the
> integrity of the keyblock. For key-signatures, sure, we could introduce a
> limit; we actually do that with import-clean because that imports only
> those key-signatures which we can verify and which are the latest from the
> same key (it is possible to sign a key several times to change meta data
> associated with the key-signature).
>
> Salam-Shalom,
>
> Werner
>
> --
> Thoughts are free. Exceptions are regulated by federal law.

Hi Werner,

Thanks for the detailed explanation. And thanks for gpg.

cheers,
raf

_______________________________________________
Gnupg-users mailing list
[email protected]
http://lists.gnupg.org/mailman/listinfo/gnupg-users
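The fallback Werner describes, stripping an oversized keyblock down to the primary key's own signatures before retrying the import, as an added example that is not gpg's code and not part of the thread. It walks the OpenPGP packet framing (RFC 4880), derives the primary key's v4 fingerprint, and discards every signature packet whose issuer subpacket names a different key; `import_with_fallback` mirrors the size check against the 5 MiB limit mentioned above. The key material, user ID and signatures are constructed placeholders built inline, and the packet tags, subpacket types and limit constant are the assumptions the code makes.

```python
"""Added example (not gpg's code): strip an OpenPGP keyblock to self-signatures.
Packet framing follows RFC 4880; key material and signatures are constructed
placeholders and nothing is cryptographically verified."""
import hashlib
import struct

PUBKEY, USERID, SIGNATURE = 6, 13, 2          # packet tags
SUB_ISSUER_KEYID, SUB_ISSUER_FPR = 16, 33     # signature subpacket types
KEYBLOCK_LIMIT = 5 * 1024 * 1024              # the 5 MiB keyblock limit from the thread


def iter_packets(data):
    """Yield (tag, body) per packet; partial and indeterminate lengths are rejected."""
    pos = 0
    while pos < len(data):
        ctb = data[pos]
        if not ctb & 0x80:
            raise ValueError("bad packet header at offset %d" % pos)
        if ctb & 0x40:                                      # new-format header
            tag, b1 = ctb & 0x3F, data[pos + 1]
            if b1 < 192:
                length, hdr = b1, 2
            elif b1 < 224:
                length, hdr = ((b1 - 192) << 8) + data[pos + 2] + 192, 3
            elif b1 == 255:
                length, hdr = struct.unpack(">I", data[pos + 2:pos + 6])[0], 6
            else:
                raise ValueError("partial body lengths not supported")
        else:                                               # old-format header
            tag, ltype = (ctb >> 2) & 0x0F, ctb & 0x03
            if ltype == 3:
                raise ValueError("indeterminate length not supported")
            n = (1, 2, 4)[ltype]
            length, hdr = int.from_bytes(data[pos + 1:pos + 1 + n], "big"), 1 + n
        body = data[pos + hdr:pos + hdr + length]
        if len(body) != length:
            raise ValueError("truncated packet at offset %d" % pos)
        yield tag, body
        pos += hdr + length


def encode_packet(tag, body):
    """New-format header with a 4-octet length, valid for any body size."""
    return bytes([0xC0 | tag, 255]) + struct.pack(">I", len(body)) + body


def v4_fingerprint(pubkey_body):
    """RFC 4880 12.2: SHA-1 over 0x99, two-octet body length, key packet body."""
    return hashlib.sha1(b"\x99" + struct.pack(">H", len(pubkey_body)) + pubkey_body).digest()


def iter_subpackets(area):
    pos = 0
    while pos < len(area):
        b1 = area[pos]
        if b1 < 192:
            length, hdr = b1, 1
        elif b1 < 255:
            length, hdr = ((b1 - 192) << 8) + area[pos + 1] + 192, 2
        else:
            length, hdr = struct.unpack(">I", area[pos + 1:pos + 5])[0], 5
        sub = area[pos + hdr:pos + hdr + length]
        yield sub[0] & 0x7F, sub[1:]                         # drop the critical bit
        pos += hdr + length


def signature_issuers(sig_body):
    """Issuer key IDs and fingerprints claimed in a v4 signature's subpacket areas."""
    if sig_body[0] != 4:
        raise ValueError("only v4 signatures supported")
    issuers, pos = set(), 4
    for _ in range(2):                                      # hashed, then unhashed area
        n = struct.unpack(">H", sig_body[pos:pos + 2])[0]
        for stype, sdata in iter_subpackets(sig_body[pos + 2:pos + 2 + n]):
            if stype == SUB_ISSUER_KEYID:
                issuers.add(sdata)
            elif stype == SUB_ISSUER_FPR:
                issuers.add(sdata[1:])                      # first octet is the key version
        pos += 2 + n
    return issuers


def count_signatures(keyblock):
    return sum(1 for tag, _ in iter_packets(keyblock) if tag == SIGNATURE)


def keep_self_sigs_only(keyblock):
    """Drop every signature not issued by the primary key (issuer check only, no crypto)."""
    packets = list(iter_packets(keyblock))
    if not packets or packets[0][0] != PUBKEY:
        raise ValueError("keyblock must start with a public-key packet")
    fpr = v4_fingerprint(packets[0][1])
    own = {fpr, fpr[-8:]}                                   # v4 key ID = low 64 bits of fingerprint
    return b"".join(encode_packet(tag, body) for tag, body in packets
                    if tag != SIGNATURE or signature_issuers(body) & own)


def import_with_fallback(keyblock, limit=KEYBLOCK_LIMIT):
    """Take the full block if it fits the limit, otherwise the self-signature-only version."""
    if len(keyblock) <= limit:
        return "full", keyblock
    return "self-sigs-only", keep_self_sigs_only(keyblock)


def fake_sig(issuer_keyid):
    """Constructed v4 certification: creation-time subpacket, issuer subpacket, dummy MPI."""
    hashed = b"\x05\x02" + struct.pack(">I", 1562112000)
    unhashed = b"\x09\x10" + issuer_keyid
    return (b"\x04\x13\x01\x08" + struct.pack(">H", len(hashed)) + hashed
            + struct.pack(">H", len(unhashed)) + unhashed + b"\x00\x00\x00\x08\xaa")


def build_sample_keyblock(foreign_sigs=3):
    """Constructed keyblock: placeholder RSA key, one user ID, one self-sig, N foreign sigs."""
    primary = b"\x04" + struct.pack(">I", 1562112000) + b"\x01\x00\x10\xc0\xde\x00\x11\x01\x00\x01"
    own_id = v4_fingerprint(primary)[-8:]
    packets = [encode_packet(PUBKEY, primary),
               encode_packet(USERID, b"Example <example@example.invalid>"),
               encode_packet(SIGNATURE, fake_sig(own_id))]
    packets += [encode_packet(SIGNATURE, fake_sig(bytes([i % 255 + 1]) * 8))
                for i in range(foreign_sigs)]
    return b"".join(packets)


if __name__ == "__main__":
    kb = build_sample_keyblock(foreign_sigs=150_000)       # roughly the poisoned-key case
    mode, data = import_with_fallback(kb)
    print(len(kb), "bytes,", count_signatures(kb), "signatures ->", mode,
          "with", count_signatures(data), "signature(s) kept")
```

The issuer subpacket is attacker-controlled, so this filter only decides which signatures are worth spending verification time on; it is exactly why, as Werner says, the self-signatures that survive must still be validated before the keyblock is trusted, and why a size check done after that verification is what the keybox limit was tripping. In gpg itself the same behaviour is reached with `--import-options import-clean` or `import-minimal` as discussed above, and newer releases also expose `self-sigs-only` as an import option.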
