ietf-openpgp

Re: Long Holiday?

1998-07-08 14:50:29

The other thing which I raised was MACs (or MDCs) to protect against
Gary Howland's attack first discussed at HIP97.  PGP made statements
about fixing it back then.

Now I am not particularly arguing that the necessary changes go into
this version, because it is rather late in the day and it needs some
careful thought, however it would be most nice if implementations of
OpenPGP 1.0 could cope with OpenPGP 2.0 messages which did contain
MACs without falling over.

That is to still return plaintext of the message together with perhaps
a warning that there was an unimplemented-in-this-version
cryptographic checksum which couldn't be checked.

My thoughts on where MACs would fit into the framework are that they
would be a new kind of signature packet (i.e. one based on symmetric
crypto -- keyed off the session key or other data inside the
encryption envelope).

So could we for example reserve a MAC signature packet ID with a
length packet and define that it should be ignored, and otherwise
stepped over by OpenPGP 1.0 implementations?

Also I think it would need a corresponding entry in the one-pass
signature framework.

Would someone at PGP with thoughts on how they are planning to fix
this in PGP6.x like to think of what would be necessary and propose
the few edits required to make sure it will work smoothly when
introduced?

Adam
-- 
print pack"C*",split/\D+/,`echo "16iII*o\U@{$/=$z;[(pop,pop,unpack"H*",<>
)]}\EsMsKsN0[lN*1lK[d2%Sa2/d0<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<J]dsJxp"|dc`
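
The step-over behaviour requested in the message above, as an added example that is not part of the original post or of any PGP implementation: a packet walker that returns the literal data and turns an unrecognised packet into a warning instead of a failure. It assumes the packet stream has already been decrypted, handles only old-format headers with definite lengths, and uses tag 15 as a constructed placeholder for the reserved MAC packet ID.

```python
TAG_LITERAL = 11          # literal data packet
TAG_MAC_PLACEHOLDER = 15  # constructed stand-in for a reserved MAC packet ID

def read_packets(buf):
    """Yield (tag, body) for old-format packets with definite lengths."""
    pos = 0
    while pos < len(buf):
        ctb = buf[pos]
        if not ctb & 0x80 or ctb & 0x40:
            raise ValueError("not an old-format packet header")
        tag, ltype = (ctb >> 2) & 0x0F, ctb & 0x03
        if ltype == 3:
            raise ValueError("indeterminate length: cannot be stepped over")
        start = pos + 1 + (1, 2, 4)[ltype]
        if start > len(buf):
            raise ValueError("truncated length field")
        end = start + int.from_bytes(buf[pos + 1:start], "big")
        if end > len(buf):
            raise ValueError("packet length runs past end of message")
        yield tag, buf[start:end]
        pos = end

def extract(buf):
    """Return (plaintext, warnings); unknown packets are skipped, not fatal."""
    plaintext, warnings = b"", []
    for tag, body in read_packets(buf):
        if tag == TAG_LITERAL:
            if len(body) < 2 or len(body) < 6 + body[1]:
                raise ValueError("malformed literal data packet")
            plaintext += body[6 + body[1]:]  # skip format, name, 4-octet date
        else:
            warnings.append(f"packet tag {tag}: unimplemented in this version, "
                            f"{len(body)} octets skipped and not checked")
    return plaintext, warnings

def old_packet(tag, body):
    """Build an old-format packet with a one-octet length (sample data only)."""
    return bytes([0x80 | (tag << 2), len(body)]) + body

# Constructed sample: literal packet ("b", empty filename, zero date, data)
# followed by a 20-octet placeholder MAC packet.
SAMPLE = (old_packet(TAG_LITERAL, b"b\x00" + b"\x00" * 4 + b"hello")
          + old_packet(TAG_MAC_PLACEHOLDER, b"\xaa" * 20))

if __name__ == "__main__":
    print(extract(SAMPLE))
```

Stepping over an unknown packet is only safe because the declared length is checked against the remaining input; a length that overruns the message is rejected rather than skipped.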
