[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Sks-devel] Broken keyservers (413 Request Entity Too Large)
|
From: |
David Benfell |
|
Subject: |
Re: [Sks-devel] Broken keyservers (413 Request Entity Too Large) |
|
Date: |
Thu, 4 Sep 2014 11:14:10 -0700 |
|
User-agent: |
Mutt/1.5.23 (2014-03-12) |
On Thu, Sep 04, 2014 at 02:31:38PM +0200, Arnold wrote:
> On 04-09-14 08:16, Christoph Egger wrote:
> > Seems uploading my gpg key (d49ae731) to pool.sks-keyservers.net fails
> > for several of the hosts in rotation:
>
> The question is: is the key too large, or should we accept keys of *every*
> size?
>
> Accepting every key size does not scale well in the long term. It can also
> lead to
> a nasty DOS attack: upload many huge keys to eat all the public key server
> resources. We currently have no means to remove keys or specific key data.
>
Actually, I think this isn't the problem you're making it out to be.
Ellyptic Curve Cryptography keys are much smaller and will be
supported in GPG 2.1. Some implementations of 2.0 also seem to support
these keys currently.
The largest RSA key size I've seen implemented is 8192. This is in APG
(the Android variant). I would suggest setting an upper bound of
16384.
--
David Benfell <address@hidden>
See https://parts-unknown.org/node/2 if you don't understand the
attachment.
pgpvh9h0hmLAx.pgp
Description: PGP signature