On 15/08/2019 08:50, Robert J. Hansen wrote:
> Additionally, the bad guys can create new malicious certificates faster
> than the keyserver network can blacklist.
Plus, the attacker could just create a signature that looks likely to be real (self-sig or existing third-party sig seems a good candidate). Only when actually doing the cryptographic verification will it turn out to be fake anyway. By that time the amount of processing GnuPG has done is already enough for the denial of service.

I think the attacker only used cryptographically valid signatures because it was easier to use existing tooling. There is no reason for the poison to be cryptographically valid. It just has to be slightly expensive to verify. GnuPG doesn't even get to the bit where the signature is validated, since the signing key isn't on the keyring, and still, we have this DoS.

Peter.

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>
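The point above is that the cost of a flooded certificate is paid on packet parsing, before any signature is verified, so the cheapest defence is to look at the packet structure before handing the certificate to the keyring. The following is an added example, not code from this thread or from GnuPG: a minimal Python walker over OpenPGP packet headers (RFC 4880 old- and new-format headers) that counts signature packets and refuses a certificate above an assumed threshold of 1000. The sample certificates are constructed inline with placeholder packet bodies.

```python
import struct
from collections import Counter
# OpenPGP packet tags (RFC 4880, section 4.3) used by this check.
TAG_SIGNATURE, TAG_PUBLIC_KEY, TAG_USER_ID = 2, 6, 13

def parse_packets(data):
    """Yield (tag, body) per packet; only headers are decoded, bodies never are."""
    i = 0
    while i < len(data):
        hdr = data[i]
        if not hdr & 0x80:
            raise ValueError("not an OpenPGP packet header at offset %d" % i)
        if hdr & 0x40:  # new-format header (RFC 4880 4.2.2)
            tag, b1 = hdr & 0x3F, data[i + 1]
            if b1 < 192:
                length, i = b1, i + 2
            elif b1 < 224:
                length, i = ((b1 - 192) << 8) + data[i + 2] + 192, i + 3
            elif b1 == 255:
                length, i = struct.unpack(">I", data[i + 2:i + 6])[0], i + 6
            else:
                raise ValueError("partial body lengths are not supported")
        else:  # old-format header (RFC 4880 4.2.1)
            tag, ltype = (hdr >> 2) & 0x0F, hdr & 0x03
            if ltype == 3:
                raise ValueError("indeterminate length is not supported")
            n = (1, 2, 4)[ltype]
            length, i = int.from_bytes(data[i + 1:i + 1 + n], "big"), i + 1 + n
        yield tag, data[i:i + length]
        i += length

def count_signatures(cert):
    """Signature packets in the certificate, counted without verifying any."""
    return Counter(tag for tag, _ in parse_packets(cert))[TAG_SIGNATURE]

def should_import(cert, max_sigs=1000):
    """Assumed policy: refuse a certificate carrying more than max_sigs signatures."""
    return count_signatures(cert) <= max_sigs

def new_packet(tag, body):  # new-format header, one-octet length (body < 192)
    return bytes([0xC0 | tag, len(body)]) + body

def old_packet(tag, body):  # old-format header, two-octet length
    return bytes([0x80 | (tag << 2) | 1]) + struct.pack(">H", len(body)) + body

# Constructed sample certificates; the packet bodies are placeholders only.
KEY_AND_UID = (old_packet(TAG_PUBLIC_KEY, b"\x04" + b"\x00" * 60)
               + new_packet(TAG_USER_ID, b"alice@example.org"))
NORMAL_CERT = KEY_AND_UID + new_packet(TAG_SIGNATURE, b"\x04\x13")
FLOODED_CERT = KEY_AND_UID + new_packet(TAG_SIGNATURE, b"\x04\x10") * 5000
```

The check does no cryptography at all, which is exactly why it stays cheap on a poisoned certificate: the work is proportional to the number of packet headers, not to the number of signatures GnuPG would otherwise try to process.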
_______________________________________________
Gnupg-users mailing list
[email protected]
http://lists.gnupg.org/mailman/listinfo/gnupg-users
