A
On 10/12/2020 17:07, Casey Marshall wrote:
I've released Hockeypuck 2.1.0 <https://github.com/hockeypuck/hockeypuck/releases/tag/2.1.0> [0], which contains several new features that may be useful to mitigate spamming/flooding/DoS [1] attacks on GnuPG and keyservers. See the release link for details, but here's the highlights:* Configurable key length and packet size limits, with sensible defaults to limit keyserver resource consumption (1MB and 8K respectively). * Configurable blacklist of primary key fingerprints. * Authenticated key management. This adds a couple of extra endpoints which allow a key owner to replace and delete their key, authenticated by signing the armored key in the request. This allows a key owner to still update their own key once it has been inflated beyond the key length limit.Blacklists and auth key management may also be of interest to keyserver operators subject to GDPR-related requests.-Casey[0] https://github.com/hockeypuck/hockeypuck/releases/tag/2.1.0 <https://github.com/hockeypuck/hockeypuck/releases/tag/2.1.0>[1] https://gist.github.com/rjhansen/67ab921ffb4084c865b3618d6955275f <https://gist.github.com/rjhansen/67ab921ffb4084c865b3618d6955275f>
-- Andrew Gallagher
OpenPGP_signature
Description: OpenPGP digital signature
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
