At Wed, 25 May 2016 00:04:05 +0200,
Arnold wrote:
>
> On 24-05-16 18:17, Tobias Frei wrote:
> > Adding proof of work can only prevent an attack that depends on a huge
> > number of
> > useless keys.
>
> Setting a maximum upload size can help and is easy to implement locally.
> Further,
> it is
On 24-05-16 18:17, Tobias Frei wrote:
> Adding proof of work can only prevent an attack that depends on a huge number
> of
> useless keys.
Setting a maximum upload size can help and is easy to implement locally.
Further,
it is possible to limit the rate at which a single IP (or IPv6/64) can
Tobias Frei writes:
> About lacking keys, well, if the pool selection mechanism causes
> working keyservers to be removed, that's a separate problem that needs
> to be solved after this one, I think. It should not be an argument for
> or against this suggestion, but
Hi,
Adding proof of work can only prevent an attack that depends on a huge
number of useless keys. Someone else once mentioned that a single key with
an illegal image ID can already cause huge problems, and deleting such a
key can become the only way to be legally allowed to continue running a
Le 24/05/2016 06:33, Kiss Gabor (Bitman) a écrit :
> Guys,
>
> Have you remembered I'm continuosly worrying about
> trolls pumping 10-20 millions of dummy keys into key servers?
> It is started...
>
> http://keys.niif.hu/pks/lookup?op=vindex=0x0B7F8B60E3EDFAE3
> (Scroll over the whole page.)
>
> I think the only reasonable solution is that every server operator gets a
> local blacklist that can be filled with keys / signatures / regex etc. and
> that only prevents matched entries from being saved to the database. To
> remove a key from all servers, all operators would need to add it to
Zitat von Tobias Frei :
Hi,
to be honest, it somehow makes me happy that we're finally being forced to
find a solution for this. It could have started worse.
I think the only reasonable solution is that every server operator gets a
local blacklist that can be filled
Hi,
to be honest, it somehow makes me happy that we're finally being forced to
find a solution for this. It could have started worse.
I think the only reasonable solution is that every server operator gets a
local blacklist that can be filled with keys / signatures / regex etc. and
that only