Hi Stefan. Am Donnerstag, den 10.01.2019, 19:33 +0100 schrieb Stefan Claas: > On Thu, 10 Jan 2019 18:38:36 +0100, > dirk.gottschalk1...@googlemail.com wrote:
> Hi Dirk, > > Am Donnerstag, den 10.01.2019, 16:23 +0100 schrieb Stefan Claas: > > And this prevents also prevents an unintended DoS which means a > > very big key by mistake. It's okay to allow the generation of > > everything a user wants, especially in open source software where > > everybody can change the values. A hard limit would make no sense > > at all. > Just wondering, have you ever used other (more modern) open source > crypto software, which have hard limits and still get's the job done? Yes, there sure is, but, as long as the tool is open source and anybody who wants to change the limit to his own, such limits are useless. Regarding to this, the Parameter is applied to avoid reading larger Packets than 16M for importing and so on, on the client side. So, if a 'bad guy' alters his version of GPG in a way to create such abusive keys, the other users with an unaltered version should not get into trouble with such a key. Okay, it's quite possible to set this read limit down to, let's say, 8M, but I think 16M is a good limit to avoid hanging and other side effects with a way to large key. Regards, Dirk -- Dirk Gottschalk Paulusstrasse 6-8 52064 Aachen, Germany GPG: DDCB AF8E 0132 AA54 20AB B864 4081 0B18 1ED8 E838 Keybase.io: https://keybase.io/dgottschalk GitHub: https://github.com/Dirk1980ac _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
