Re: Anybody know details about Schneier's "flaw"?

lutz@iks-jena.de (Lutz Donnerhacke) Thu, 15 August 2002 07:59 UTC

Received: from above.proper.com (mail.proper.com [208.184.76.45]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id DAA16496 for <openpgp-archive@odin.ietf.org>; Thu, 15 Aug 2002 03:59:33 -0400 (EDT)
Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g7F7pc726777 for ietf-openpgp-bks; Thu, 15 Aug 2002 00:51:38 -0700 (PDT)
Received: from branwen.iks-jena.de (root@branwen.iks-jena.de [217.17.192.90]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g7F7pbw26768 for <ietf-openpgp@imc.org>; Thu, 15 Aug 2002 00:51:37 -0700 (PDT)
Received: from branwen.iks-jena.de (localhost [127.0.0.1]) by branwen.iks-jena.de (8.12.5/8.12.1) with ESMTP id g7F7pZ1O015624 for <ietf-openpgp@imc.org>; Thu, 15 Aug 2002 09:51:35 +0200
Received: (from news@localhost) by branwen.iks-jena.de (8.12.5/8.12.1/Submit) id g7F7pZT7015623 for ietf-openpgp@imc.org; Thu, 15 Aug 2002 09:51:35 +0200
To: ietf-openpgp@imc.org
Path: lutz
From: lutz@iks-jena.de (Lutz Donnerhacke)
Newsgroups: iks.lists.ietf-open-pgp
Subject: Re: Anybody know details about Schneier's "flaw"?
Date: Thu, 15 Aug 2002 07:51:35 +0000 (UTC)
Organization: IKS GmbH Jena
Lines: 9
Message-ID: <slrnalmnc6.or.lutz@taranis.iks-jena.de>
References: <OF9923FC72.471DB72D-ON86256C15.0075AE1A@kodak.com> <B9809634.727B%jon@callas.org>
NNTP-Posting-Host: taranis.iks-jena.de
X-Trace: branwen.iks-jena.de 1029397895 15611 217.17.192.37 (15 Aug 2002 07:51:35 GMT)
X-Complaints-To: usenet@iks-jena.de
NNTP-Posting-Date: Thu, 15 Aug 2002 07:51:35 +0000 (UTC)
User-Agent: slrn/0.9.6.3 (Linux)
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>

* Jon Callas wrote:
>The text that is in there is some talk in the sections on compression, which
>say that a decompression error should be considered to be a security
>problem, not a data problem (in other words, don't typically let the user
>have the damaged plaintext), and some language that recommends encouraging
>people to use MDCs. There is also a relatively long section in Security
>Considerations. Take a look, I think you'll like it.

Fine. I don't support Schneiers Claim to withdraw 'uncompressed'-compression.