[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Sks-devel] Proposal: Start verifying self-signatures
From: |
Arnold |
Subject: |
Re: [Sks-devel] Proposal: Start verifying self-signatures |
Date: |
Mon, 18 May 2015 21:40:13 +0200 |
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Icedove/31.6.0 |
On 18-05-15 21:26, Johan van Selst wrote:
> Daniel Roesler wrote:
>> Uploading user attribute packets with bogus self-signatures is
>> probably the easiest way to DoS the entire keyserver network. A bot
>> could add 1TB of bloat to the keyserver network by adding 5MB (to stay
>> under the limit) user attribute images to only 200k public keys. By
>> contrast, assuming a signature is 2KB, they would need to submit 200m
>> bogus signatures to have the same impact.
>
> Then again, generating a batch of bogus signatures is a rather trivial
> task as well.
So Johan, do you mean "let's do nothing, as this single one proposal does not
protect us from *all* evil"? Or do you mean "we have to implement the proposal
and
think about how we can mitigate other attack vectors to the SKS-network", like
the
one you mentioned?
Regards,
Arnold
- Re: [Sks-devel] Proposal: Start verifying self-signatures, (continued)
- Re: [Sks-devel] Proposal: Start verifying self-signatures, Kristian Fiskerstrand, 2015/05/17
- Re: [Sks-devel] Proposal: Start verifying self-signatures, Daniel Roesler, 2015/05/17
- Re: [Sks-devel] Proposal: Start verifying self-signatures, Daniel Roesler, 2015/05/17
- Re: [Sks-devel] Proposal: Start verifying self-signatures, Robert J. Hansen, 2015/05/17
- Re: [Sks-devel] Proposal: Start verifying self-signatures, Arnold, 2015/05/18
- Re: [Sks-devel] Proposal: Start verifying self-signatures, Gabor Kiss, 2015/05/18
- Re: [Sks-devel] Proposal: Start verifying self-signatures, Daniel Roesler, 2015/05/18
- Re: [Sks-devel] Proposal: Start verifying self-signatures, Johan van Selst, 2015/05/18
- Re: [Sks-devel] Proposal: Start verifying self-signatures,
Arnold <=
- Re: [Sks-devel] Proposal: Start verifying self-signatures, Johan van Selst, 2015/05/18
- Re: [Sks-devel] Proposal: Start verifying self-signatures, Robert J. Hansen, 2015/05/18
- Re: [Sks-devel] Proposal: Start verifying self-signatures, Daniel Roesler, 2015/05/18
- Re: [Sks-devel] Proposal: Start verifying self-signatures, Robert J. Hansen, 2015/05/18
- Re: [Sks-devel] Proposal: Start verifying self-signatures, address@hidden, 2015/05/19
- Re: [Sks-devel] Proposal: Start verifying self-signatures, Gabor Kiss, 2015/05/19
- Re: [Sks-devel] Proposal: Start verifying self-signatures, address@hidden, 2015/05/19
- Re: [Sks-devel] Proposal: Start verifying self-signatures, Arnold, 2015/05/19
- Re: [Sks-devel] Proposal: Start verifying self-signatures, Daniel Roesler, 2015/05/19
- Re: [Sks-devel] Proposal: Start verifying self-signatures, Daniel Kahn Gillmor, 2015/05/19