sks-devel
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Sks-devel] Oh, Jeeez...!

From: Chris Morrow
Subject: Re: [Sks-devel] Oh, Jeeez...!
Date: Tue, 24 May 2016 21:21:50 -0400
User-agent: Wanderlust/2.15.9 (Almost Unreal) Emacs/24.3 Mule/6.0 (HANACHIRUSATO) 
At Wed, 25 May 2016 00:04:05 +0200,
Arnold wrote:
> 
> On 24-05-16 18:17, Tobias Frei wrote:
> > Adding proof of work can only prevent an attack that depends on a huge 
> > number of
> > useless keys.
> 
> Setting a maximum upload size can help and is easy to implement locally. 
> Further,
> it is possible to limit the rate at which a single IP (or IPv6/64) can upload 
> new
> or updated keys.

A determined attacker can already simply increment their IID on a v6
capable interface through a /64... so I'm not sure limits/ip are
helpful.

A coordinated botnet of ~200k (not unheard of) ipv4 connected
endpoints could also busily upload to local keyservers 1 key per
second.

-chris
reply via email to
[Prev in Thread] Current Thread [Next in Thread]