Add configuration file comment for check_packet_size option

author Jonathan McDowell <noodles@earth.li>

Sun, 8 Sep 2019 17:05:38 +0000 (18:05 +0100)

committer Jonathan McDowell <noodles@earth.li>

Sun, 8 Sep 2019 17:05:38 +0000 (18:05 +0100)
author Jonathan McDowell <noodles@earth.li>
Sun, 8 Sep 2019 17:05:38 +0000 (18:05 +0100)
committer Jonathan McDowell <noodles@earth.li>
Sun, 8 Sep 2019 17:05:38 +0000 (18:05 +0100)
diff --git a/onak.ini.in b/onak.ini.in

index 7149b5a7e56f6c8c8edc4a401e6a64a5b3474a7f..92e02d80caf50dd00c87e1df34a99cdaf7f69d8d 100644 (file)
--- a/onak.ini.in
+++ b/onak.ini.in
@@ -19,6 +19,9 @@ max_reply_keys=128
  ; Blacklist certain fingerprints (e.g. EVIL32). One fingerprint per line,
  ; comment lines start with #
  ;blacklist=blacklist.txt
+; Check the size of packets, dropping overly large UIDs / signature packets
+; as per draft-dkg-openpgp-abuse-resistant-keystore 4.1
+;check_packet_size=false
  ; Verify signature hashes - verify that the hash a signature claims to be
  ; over matches the hash of the data. Does not actually verify the signature.
  check_sighash=true
author	Jonathan McDowell <noodles@earth.li>
	Sun, 8 Sep 2019 17:05:38 +0000 (18:05 +0100)
committer	Jonathan McDowell <noodles@earth.li>
	Sun, 8 Sep 2019 17:05:38 +0000 (18:05 +0100)