sks-devel

Re: [Keyserver] Hockeypuck 2.1.0 released


From: Andrew Gallagher
Subject: Re: [Keyserver] Hockeypuck 2.1.0 released
Date: Thu, 10 Dec 2020 19:59:46 +0000
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.5.1

How do you handle the gradual degradation of sync as different operators implement divergent blacklists?

A

On 10/12/2020 17:07, Casey Marshall wrote:
I've released Hockeypuck 2.1.0 <https://github.com/hockeypuck/hockeypuck/releases/tag/2.1.0> [0], which contains several new features that may be useful to mitigate spamming/flooding/DoS [1] attacks on GnuPG and keyservers. See the release link for details, but here are the highlights:

  * Configurable key length and packet size limits, with sensible
    defaults to limit keyserver resource consumption (1MB and 8K
    respectively).
  * Configurable blacklist of primary key fingerprints.
  * Authenticated key management. This adds a couple of extra endpoints
    which allow a key owner to replace and delete their key,
    authenticated by signing the armored key in the request. This allows
    a key owner to still update their own key once it has been inflated
    beyond the key length limit.

Blacklists and auth key management may also be of interest to keyserver operators subject to GDPR-related requests.


-Casey


[0] https://github.com/hockeypuck/hockeypuck/releases/tag/2.1.0

[1] https://gist.github.com/rjhansen/67ab921ffb4084c865b3618d6955275f



--
Andrew Gallagher

Attachment: OpenPGP_signature
Description: OpenPGP digital signature

