sks-devel
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: hockeypuck recommended key size limit setting?

From: Andrew Gallagher
Subject: Re: hockeypuck recommended key size limit setting?
Date: Wed, 15 Jun 2022 17:27:27 +0100
On 15 Jun 2022, at 14:36, Steffen Kaiser <skasks@infcs.de> wrote:

I see lots of

level=warning msg="dropped packet" length=16471 max=8192

which is a key exceeding the limit of 8KB, if I'm not mistaken.

That’s a single packet exceeding the packet size limit of 8k, whereas the total key size limit is 1MB. The respective defaults in the distribution are set to:

maxPacketLength=8192
maxKeyLength=1048576

You should only see packet size errors when syncing with a hockeypuck peer IF it enforces a larger size limit than you (or has done so at some point in the past, the limits are not retrospective). By contrast, it is possible to violate the max key size even if your peer’s copy is below your size limit, because key material is additive.

What limit does the list recommend for a "pool" server? The last 3h more
than 2500 keys seems to be ignored.

It’s a good idea to choose something close to that of your peers, to minimise churn. So I’d strongly recommend sticking to the defaults above.

A

Attachment: signature.asc
Description: Message signed with OpenPGP

reply via email to
[Prev in Thread] Current Thread [Next in Thread]