From f3745f1a2bbf08e7e1abed1a980f076ffa4f1dfd Mon Sep 17 00:00:00 2001
From: Jonathan McDowell <noodles@earth.li>
Date: Sun, 8 Sep 2019 18:05:38 +0100
Subject: [PATCH] Add configuration file comment for check_packet_size option

---
 onak.ini.in | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/onak.ini.in b/onak.ini.in
index 7149b5a..92e02d8 100644
--- a/onak.ini.in
+++ b/onak.ini.in
@@ -19,6 +19,9 @@ max_reply_keys=128
 ; Blacklist certain fingerprints (e.g. EVIL32). One fingerprint per line,
 ; comment lines start with #
 ;blacklist=blacklist.txt
+; Check the size of packets, dropping overly large UIDs / signature packets
+; as per draft-dkg-openpgp-abuse-resistant-keystore 4.1
+;check_packet_size=false
 ; Verify signature hashes - verify that the hash a signature claims to be
 ; over matches the hash of the data. Does not actually verify the signature.
 check_sighash=true
-- 
2.39.2