Werner Koch <wk(_at_)gnupg(_dot_)org> writes:
And wait another 15 years until it has been taken up by all implementations?
What is wrong with the planned AE mode?
Which has just as little support as a planned EtM mode?
The reason why I prefer EtM is that it can be pretty trivially retrofitted to
existing crypto (just add a SHA-256 MAC somewhere) and is compatible with any
existing cipher, while whatever AEAD mechanism is chosen (I'm guessing AES-
GCM, which seems to be fashionable) is purely for AES, there's no Twofish or
CAST or whatever AEAD mode defined.
Peter.
_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp