[$] OpenPGP certificate flooding

A problem with the way that OpenPGPpublic-key certificates are handled by key servers and applications iswreaking some havoc, but not just for those who own the certificates (andkeys)-anyone who has those keys on their keyring and does regular updateswill be affected. It is effectively a denial of service attack, but onethat propagates differently than most others. The mechanism of this"certificate flooding" is one that isnormally used to add attestations to the key owner's identity (also known as"signing the key"), but becauseof the way most key servers work, it can be used to fill a certificate with"spam"-with far-reaching effects.