On 3/10/2011 5:23 AM, Hauke Laging wrote:
> You made a brute force calculation. Why should keyservers allow brute force
> searches for hash IDs? If you use millions of remotely controlled idiot PCs
> simultaneously for that then it may be hard to track them but then we are
> close to a DoS, aren't we?

Not at all. Every few days the keyserver network posts complete dumps of all the certificates in the system. (Or, more accurately, various people within the network do.) This exists so that new volunteers who want to contribute their services to the community can get their own servers bootstrapped. If I want to brute-force the certificates, I'd just say, "hey, I'm interested in standing up a new keyserver," get a dump of all the certs, and then do the brute forcing on my own system without ever needing to hit the network.