Re: [Sks-devel] Oh, Jeeez...!

2016-05-24 Thread Chris Morrow
At Wed, 25 May 2016 00:04:05 +0200, Arnold wrote:
> On 24-05-16 18:17, Tobias Frei wrote:
> > Adding proof of work can only prevent an attack that depends on a huge number of useless keys.
>
> Setting a maximum upload size can help and is easy to implement locally. Further, it is

Re: [Sks-devel] Oh, Jeeez...!

2016-05-24 Thread Arnold
On 24-05-16 18:17, Tobias Frei wrote:
> Adding proof of work can only prevent an attack that depends on a huge number of useless keys.
Setting a maximum upload size can help and is easy to implement locally. Further, it is possible to limit the rate at which a single IP (or IPv6/64) can

Re: [Sks-devel] Oh, Jeeez...!

2016-05-24 Thread Christoph Egger
Tobias Frei writes:
> About lacking keys, well, if the pool selection mechanism causes working keyservers to be removed, that's a separate problem that needs to be solved after this one, I think. It should not be an argument for or against this suggestion, but

Re: [Sks-devel] Oh, Jeeez...!

2016-05-24 Thread Tobias Frei
Hi, Adding proof of work can only prevent an attack that depends on a huge number of useless keys. Someone else once mentioned that a single key with an illegal image ID can already cause huge problems, and deleting such a key can become the only way to be legally allowed to continue running a

Re: [Sks-devel] Oh, Jeeez...!

2016-05-24 Thread Pascal Levasseur
On 24/05/2016 06:33, Kiss Gabor (Bitman) wrote:
> Guys,
>
> Have you remembered I'm continuously worrying about trolls pumping 10-20 millions of dummy keys into key servers?
> It is started...
>
> http://keys.niif.hu/pks/lookup?op=vindex=0x0B7F8B60E3EDFAE3
> (Scroll over the whole page.)

Re: [Sks-devel] Oh, Jeeez...!

2016-05-24 Thread Gabor Kiss
> I think the only reasonable solution is that every server operator gets a local blacklist that can be filled with keys / signatures / regex etc. and that only prevents matched entries from being saved to the database. To remove a key from all servers, all operators would need to add it to

Re: [Sks-devel] Oh, Jeeez...!

2016-05-24 Thread Sven Kocksch
Quoting Tobias Frei: Hi, to be honest, it somehow makes me happy that we're finally being forced to find a solution for this. It could have started worse. I think the only reasonable solution is that every server operator gets a local blacklist that can be filled

Re: [Sks-devel] Oh, Jeeez...!

2016-05-24 Thread Tobias Frei
Hi, to be honest, it somehow makes me happy that we're finally being forced to find a solution for this. It could have started worse. I think the only reasonable solution is that every server operator gets a local blacklist that can be filled with keys / signatures / regex etc. and that only