Re. the discussion of how to cope with combined random-prefix/checksum
method with stream ciphers, this is a not an immediate problem because
there are no stream ciphers listed as MAY/SHOULD/MUST algorithms
currently.
A stream cipher would suffer even worse from attacks modifying known
plaintext than conventionally encrypted data without MACs.
A stream cipher would also be problematic if used for conventionally
encrypted messages, and conventionally encrypted private keys on the
private keyring -- the symmetric key is derived from the passphrase,
which means you get the same key each time.
Even using the Symmetric-Key Encrypted Session Key packets are dubious
unless you start using a block cipher for the SKESK packet.
This suggets to me that stream ciphers need to be designed for
properly before being put in, and that this can wait for next version.
re. larger block ciphers, the current draft does actually specify what
to do:
: Note that for an algorithm that has a larger block size than 64
: bits, the equivalent function will be done with that entire block.
Though Jon and Tom are it sounds like suggesting changing 8 and 10 to
blocksize and blocksize+2 to clarify.
Adam