The keybox has a hard limit on the size of a keyblock of currently 5 MiB. It may happen that the keyblock is just below that size and a user wants to import a revocation certificate - for any object of the key or for the keyblock itself. This may fail in this case. To fix this we should have a soft limit and a hard limit where the latter is used only when importing revocations.
- Entire key revocations: Only a few extra bytes are required.
- User id revocation: A bit more space require but the number of user ids can be assumed to be a low number for real keys
- Subkey revocation: There might be more subkeys than user ids but the number will still be low.
- key-signature revocations: This can be used for a DoS and thus they need to be capped at the soft-limit like all other objects.