[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Sks-devel] Oh, Jeeez...!
From: |
Chris Morrow |
Subject: |
Re: [Sks-devel] Oh, Jeeez...! |
Date: |
Tue, 24 May 2016 21:21:50 -0400 |
User-agent: |
Wanderlust/2.15.9 (Almost Unreal) Emacs/24.3 Mule/6.0 (HANACHIRUSATO) |
At Wed, 25 May 2016 00:04:05 +0200,
Arnold wrote:
>
> On 24-05-16 18:17, Tobias Frei wrote:
> > Adding proof of work can only prevent an attack that depends on a huge
> > number of
> > useless keys.
>
> Setting a maximum upload size can help and is easy to implement locally.
> Further,
> it is possible to limit the rate at which a single IP (or IPv6/64) can upload
> new
> or updated keys.
A determined attacker can already simply increment their IID on a v6
capable interface through a /64... so I'm not sure limits/ip are
helpful.
A coordinated botnet of ~200k (not unheard of) ipv4 connected
endpoints could also busily upload to local keyservers 1 key per
second.
-chris