Re: Question about MDC Packets

David Shaw <> Thu, 22 August 2002 17:40 UTC

Date: Thu, 22 Aug 2002 13:32:14 -0400
From: David Shaw <>
To: OpenPGP <>
Subject: Re: Question about MDC Packets
X-PGP-Key: 99242560 / 7D92 FD31 3AB6 F373 4CC5 9CA1 DB69 8D71 9924 2560

On Wed, Aug 21, 2002 at 10:43:19PM -0700, Len Sassaman wrote:

> We're in the process of adding AES and MDC support to Mixmaster. I need to
> decide whether we want to go the "be liberal... but conservative" route
> and only use MDC if specified in the features subpacket, or the more
> secure route, and use MDC whenever a key lists prefs 7 through 10
> (presumably, we could do this even if we weren't actually choosing those
> ciphers for encryption, i.e. if CAST5 was listed first). I'd prefer to do
> it in the latter fashion, but...
>
> I just read over the source code for Hushmail's OpenPGP features. It
> appears that they were working off of RFC2440-bis2, and therefore didn't
> know anything about the MDC packets. Hushmail keys are generated with
> symmetric cipher prefs "9 8 7 3".  Consequently, Hushmail users cannot
> decrypt messages encrypted with AES using the MDC packet. An example key
> is attached at the bottom of this email.
>
> It would be unfortunate to have more compatibility problems between
> implementations of OpenPGP. Would it be unreasonable to state in the spec
> that implementations supporting ciphers other than 0 through 4 SHOULD be
> able to handle the MDC packets (perhaps in the paragraph in 5.13 which
> mentions AES and Twofish currently)?

Seems to me that the draft already states that *all* implementations
SHOULD be able to handle MDC packets, regardless of cipher ("An
implementation SHOULD prefer this to the older Symmetrically Encrypted
Data Packet when possible.").

The question is really what to do to determine when it is
"possible". ;)


   David Shaw  |  |  WWW
   "There are two major products that come out of Berkeley: LSD and UNIX.
      We don't believe this to be a coincidence." - Jeremy S. Anderson
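
The two policies weighed in the quoted question, as an added example that is not part of the original message or of any implementation named in it: the sketch parses a key's hashed signature subpackets and decides whether to emit the MDC-protected packet. The policy names, function names and sample byte strings are assumptions constructed for illustration; subpacket types 11 and 30 and the 0x01 feature bit are the values defined in the OpenPGP specification.

```python
PREF_SYM, FEATURES = 11, 30      # signature subpacket types (OpenPGP spec)
FEATURE_MDC = 0x01               # modification-detection bit, first features octet
NEWER_CIPHERS = {7, 8, 9, 10}    # the "prefs 7 through 10" from the message

def parse_subpackets(area: bytes) -> dict:
    """Split a hashed subpacket area into {type: body}; reject truncated input."""
    out, i = {}, 0
    while i < len(area):
        first = area[i]
        if first < 192:                       # one-octet length
            length, i = first, i + 1
        elif first < 255:                     # two-octet length
            if i + 2 > len(area):
                raise ValueError("truncated length")
            length, i = ((first - 192) << 8) + area[i + 1] + 192, i + 2
        else:                                 # five-octet length
            if i + 5 > len(area):
                raise ValueError("truncated length")
            length, i = int.from_bytes(area[i + 1:i + 5], "big"), i + 5
        if length == 0 or i + length > len(area):
            raise ValueError("truncated subpacket")
        out[area[i] & 0x7F] = area[i + 1:i + length]   # mask off the critical bit
        i += length
    return out

def use_mdc(area: bytes, policy: str) -> bool:
    """policy is 'features-only' or 'infer-from-ciphers' (hypothetical names)."""
    subs = parse_subpackets(area)
    feat = subs.get(FEATURES, b"")
    if feat and feat[0] & FEATURE_MDC:
        return True                           # key explicitly advertises MDC
    if policy == "infer-from-ciphers":
        return any(a in NEWER_CIPHERS for a in subs.get(PREF_SYM, b""))
    if policy != "features-only":
        raise ValueError("unknown policy")
    return False

# Constructed subpacket areas (not taken from any real key).
PREFS_9_8_7_3 = bytes([5, PREF_SYM, 9, 8, 7, 3])          # no features subpacket
PREFS_PLUS_FEATURE = PREFS_9_8_7_3 + bytes([2, FEATURES, FEATURE_MDC])
OLD_CIPHERS_ONLY = bytes([3, PREF_SYM, 3, 2])             # CAST5, 3DES

if __name__ == "__main__":
    for name, area in [("9 8 7 3", PREFS_9_8_7_3), ("with feature", PREFS_PLUS_FEATURE),
                       ("old only", OLD_CIPHERS_ONLY)]:
        print(name, {p: use_mdc(area, p) for p in ("features-only", "infer-from-ciphers")})
```

For a key with prefs "9 8 7 3" and no features subpacket, the two policies disagree: inferring from the cipher list selects MDC, while the features-only rule falls back to the older packet.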