Hi Steffen, the limit you are seeing there is for individual packets[1] inside a key. There is a separate configurable limit for the whole key size (which is 1 MB in the configuration used by default with the docker-compose setup)
I use the default limits in my HockeyPuck server and I also see a lot of such warnings (and also for oversized keys). In many cases such big packets are from images embedded in they keys. As those are not used by HockeyPuck or SKS at all, many operators decide to discard them. And of course it also helps with some types of key spam attacks[2]. [1] See https://datatracker.ietf.org/doc/html/rfc4880#section-4.1 for the meaning of packet in this context. [2] https://github.com/hockeypuck/hockeypuck/wiki/HIP-1:-Regaining-control-over-public-key-identity-with-authenticated-key-management#summary-of-the-key-spam-problem Best regards, Iñaki. On mié, jun 15 2022, Steffen Kaiser wrote: > On 15.06.22 13:33, Steffen Kaiser wrote: >> On 30.05.22 22:09, Steffen Kaiser wrote: >> > Dear list, >> >> after some other issues and some testing of >> https://deb.cyberbits.eu/hockeypuck/, I'll give Hockeypuck a try. > > I see lots of > > level=warning msg="dropped packet" length=16471 max=8192 > > which is a key exceeding the limit of 8KB, if I'm not mistaken. > > What limit does the list recommend for a "pool" server? The last 3h more > than 2500 keys seems to be ignored. > > Kind regards,>
signature.asc
Description: PGP signature
