> Have the bureaucrats who define standards have finally fixed the DOS > issues about keys spammed with signatures or is it still being > "discussed whether they are even needed."?
GnuPG had a bug in the key importation code which made it run in time proportional to the square of the number of signatures. Importing a certificate with 100,000 signatures was literally a hundred million times slower than importing a certificate with 10. That bug has since been fixed. With judicious use of the various -clean options, the key spamming bug is effectively dead... on the GnuPG side: on the SKS side, people are still filling up SKS keyservers with spam. SKS is a completely separate project from GnuPG, and has no RFC guiding it. So the "bureaucratic" project has it resolved, and the "free to innovate" project has been unable to innovate. (Note: I'm not blaming SKS. This is a hard problem. I personally don't think SKS can be saved.)
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users