Re: security fixes (KDF, MDC->MAC)?

Werner Koch <wk@gnupg.org> Fri, 27 September 2002 14:19 UTC

Received: from above.proper.com (mail.proper.com [208.184.76.45]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id KAA21491 for <openpgp-archive@lists.ietf.org>; Fri, 27 Sep 2002 10:19:38 -0400 (EDT)
Received: (from majordomo@localhost) by above.proper.com (8.11.6/8.11.3) id g8RECMC05771 for ietf-openpgp-bks; Fri, 27 Sep 2002 07:12:22 -0700 (PDT)
Received: from porta.u64.de (porta.u64.de [194.77.88.106]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g8RECKv05764 for <ietf-openpgp@imc.org>; Fri, 27 Sep 2002 07:12:21 -0700 (PDT)
Received: from uucp by kasiski.gnupg.de with local-rmail (Exim 3.32 #1 (Debian)) id 17ux9t-000843-00; Fri, 27 Sep 2002 17:36:01 +0200
Received: from wk by alberti.gnupg.de with local (Exim 3.35 #1 (Debian)) id 17uvnt-0001xm-00; Fri, 27 Sep 2002 16:09:13 +0200
To: ietf-openpgp@imc.org
Subject: Re: security fixes (KDF, MDC->MAC)?
References: <3D94115F.CAF2167A@saiknes.lv>
From: Werner Koch <wk@gnupg.org>
Organisation: g10 Code GmbH
X-Request-PGP: finger://wk@g10code.com
X-PGP-KeyID: 621CC013
X-FSFE-Info: http://fsfeurope.org
Date: Fri, 27 Sep 2002 16:09:13 +0200
In-Reply-To: <3D94115F.CAF2167A@saiknes.lv> (disastry@saiknes.lv's message of "Fri, 27 Sep 2002 10:05:51 +0200")
Message-ID: <8765wr34om.fsf@alberti.gnupg.de>
Lines: 15
User-Agent: Gnus/5.090008 (Oort Gnus v0.08) Emacs/20.7 (i386-debian-linux-gnu)
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>

On Fri, 27 Sep 2002 10:05:51 +0200, disastry  said:

> doesn't this prevent converting packet 18 to 9 ?

Yes.

Even more important is that we push users towards using the MDC feature
so that we eventually can make the "no MDC used" warning an
error. (well, with an option to ignore it so that old message can still
be decrypted)


Shalom-Salam,

   Werner