Jon Callas writes:
> The consensus that I've seen is against overloading message integrity on
> signature packets.
I disagree. Perhaps you weren't reading.
Tom Zerucha and Werner Koch sounded like they were going to try out
verification packets. I argued for the approach also.
Hal Finney presented the bundled MDC+encrypt approach, and did a
trial implementation.
Uri Watson at first argued against verification packets based on ease
of implementing bundled MDC+enc, but revised that to neutral, viz:
> Tom wrote:
> Uri wrote:
> If you want an MDC, and there is already a place for MDCs, then it should
> go there if the format can be adapted.
> OK, I don't object as strongly any more. I'm neutral now.
So I tally that as 3 verify packet, one bundled MDC+encrypt, and one
neutral. You breeze in late and call that a consensus for
MDC+encrypt?
> We also discussed it in Orlando, and there was great consensus
> against it there.
I wasn't at Orlando. No minutes were ever posted that I discovered.
Decisions are supposed to be made on list.
> I confess that personally, I also question the wisdom of separating
> them. Especially if it requires a shared key.
What shared key? PRZ proposed SHA1 not a keyed MAC.
Adam
--
print pack"C*",split/\D+/,`echo "16iII*o\U@{$/=$z;[(pop,pop,unpack"H*",<>
)]}\EsMsKsN0[lN*1lK[d2%Sa2/d0<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<J]dsJxp"|dc`