gpg > addphoto

Stefan Claas sac at 300baud.de
Thu Jan 10 15:56:43 CET 2019


On Wed, 9 Jan 2019 23:13:33 +0000, Damien Goutte-Gattat wrote:
> On Wed, Jan 09, 2019 at 11:29:06PM +0100, dirk1980ac via Gnupg-users wrote:
> > > I only wanted to know why such a large image size in the first
> > > place was chosen, when GnuPG suggest a much much smaller
> > > size. :-)  
> > 
> > I think the 16M are from times, where RAM was nbot measured in GB.  
> 
> Not quite. If you look at the code’s history, you’ll find that the 16MB
> limit is actually from 2014 [1]. There was no limitation on the size of
> user attribute packets before that.

Thanks for the info!

> It is wise to be careful when you abruptly introduce a limitation that
> did not exist before; 16MB was chosen because it is big enough to avoid
> breaking any existing key with a legitimate user attribute packet, while
> still preventing DoS attempts with deliberately oversized packets.

Have you or anybody else seen such a large and legitimate attribute
packet, also one from before 2014? I really would like to see such a
key to get a better understanding.
 
Regards
Stefan



More information about the Gnupg-users mailing list