Adam Back, <aba(_at_)dcs(_dot_)ex(_dot_)ac(_dot_)uk>, writes:
The consensus that I've seen since late last year is for a new data
packet that has a standard encryption mode, be it CFB or CBC, and a
hash in it.
I did a little grepping of last years open-pgp traffic. The posts
discussing MDCs are below. None of them mentions this idea.
Actually, there was some mention of it, but it did not use
the term MDC so your grep did not find it. Take a look at
http://www.imc.org/ietf-open-pgp/mail-archive/msg01670.html where you
are responding to an earlier comment by Jon:
: > I thought the consensus was that with 1.X we would look at adding
: > some form of integrity check, perhaps with a new type of encrypted
: > data packet.
: The reason I am keen on adding a MAC is a) it is broken (badly in my
: view) and needs fixing; b) it is easy to fix; c) it does not affect
: backwards compatibility.
: I prefer a digest packet inside the encrypted envelope (at the end of
: the plaintext to aid one-pass processing), rather than a MAC for
: reasons of simplicity (people already have code to compute and emit
: digest packets for the available hashes). It is probably easiest to
: define the digest packet as a signature packet. (This can then borrow
: the one pass packets etc from existing signature parts).
Not so different from the present discussion...