Re: [Sks-devel] Proposal: Start verifying self-signatures

sks-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Sks-devel] Proposal: Start verifying self-signatures

From:	Johan van Selst
Subject:	Re: [Sks-devel] Proposal: Start verifying self-signatures
Date:	Mon, 18 May 2015 21:26:22 +0200
User-agent:	Mutt/1.5.21 (2010-09-15)

Daniel Roesler wrote:
> Uploading user attribute packets with bogus self-signatures is
> probably the easiest way to DoS the entire keyserver network. A bot
> could add 1TB of bloat to the keyserver network by adding 5MB (to stay
> under the limit) user attribute images to only 200k public keys. By
> contrast, assuming a signature is 2KB, they would need to submit 200m
> bogus signatures to have the same impact.

Then again, generating a batch of bogus signatures is a rather trivial
task as well. And it seems just as easy to upload 5MB with bogus new
signatures to a key as 5MB with user attribute images.

Johan

pgptR314A_qDH.pgp
Description: PGP signature

[Prev in Thread]

Current Thread

[Next in Thread]

[Sks-devel] Proposal: Start verifying self-signatures, Daniel Roesler, 2015/05/17
- Re: [Sks-devel] Proposal: Start verifying self-signatures, Kristian Fiskerstrand, 2015/05/17
  - Re: [Sks-devel] Proposal: Start verifying self-signatures, Daniel Roesler, 2015/05/17
  - Re: [Sks-devel] Proposal: Start verifying self-signatures, Daniel Roesler, 2015/05/17
    - Re: [Sks-devel] Proposal: Start verifying self-signatures, Alain Wolf, 2015/05/17
    - Re: [Sks-devel] Proposal: Start verifying self-signatures, Daniel Roesler, 2015/05/17
    - Re: [Sks-devel] Proposal: Start verifying self-signatures, Robert J. Hansen, 2015/05/17
    - Re: [Sks-devel] Proposal: Start verifying self-signatures, Arnold, 2015/05/18
    - Re: [Sks-devel] Proposal: Start verifying self-signatures, Gabor Kiss, 2015/05/18
    - Re: [Sks-devel] Proposal: Start verifying self-signatures, Daniel Roesler, 2015/05/18
    - Re: [Sks-devel] Proposal: Start verifying self-signatures, Johan van Selst <=
    - Re: [Sks-devel] Proposal: Start verifying self-signatures, Arnold, 2015/05/18
    - Re: [Sks-devel] Proposal: Start verifying self-signatures, Johan van Selst, 2015/05/18
    - Re: [Sks-devel] Proposal: Start verifying self-signatures, Robert J. Hansen, 2015/05/18
    - Re: [Sks-devel] Proposal: Start verifying self-signatures, Daniel Roesler, 2015/05/18
    - Re: [Sks-devel] Proposal: Start verifying self-signatures, Robert J. Hansen, 2015/05/18
    - Re: [Sks-devel] Proposal: Start verifying self-signatures, address@hidden, 2015/05/19
    - Re: [Sks-devel] Proposal: Start verifying self-signatures, Gabor Kiss, 2015/05/19
    - Re: [Sks-devel] Proposal: Start verifying self-signatures, address@hidden, 2015/05/19
    - Re: [Sks-devel] Proposal: Start verifying self-signatures, Arnold, 2015/05/19
    - Re: [Sks-devel] Proposal: Start verifying self-signatures, Daniel Roesler, 2015/05/19

Prev by Date: Re: [Sks-devel] Proposal: Start verifying self-signatures
Next by Date: Re: [Sks-devel] Proposal: Start verifying self-signatures
Previous by thread: Re: [Sks-devel] Proposal: Start verifying self-signatures
Next by thread: Re: [Sks-devel] Proposal: Start verifying self-signatures
Index(es):
- Date
- Thread