ietf-openpgp
[Top] [All Lists]

Re: Message Integrity

1999-04-23 12:43:07
hal(_at_)rain(_dot_)org writes:

Or even better, use a special encryption packet to indicate that there
is a MIC (MDC) following, and a special MIC packet to hold it following

I think this will be the cleanest solution.

  * Create a new encrypted data packet:
    - 1 byte version number (please, we have this on most others too)
    - 1 byte mdc-algorithm  (hash algorithm used or 0 for no MDC)
    - n byte encrypted-data (in standard CFB mode with prepended
                             random and check bytes)    
    
  * Create a MDC packet:
    - 1 byte  version number  
    - 1 byte  mdc-algorithm (should be > 0 )
    - n bytes hash  

I don't know whether it is better to use 1 or 3 for the version
numbers.  I think PGP 6 has some new packet types, so someone
else should suggest the numbers.

Implementation of this seems to be more easier than the hacked
signature packets.  Maybe a little bit more code but much easier to
understand.  And we don't need to redefine the specs (I still remember
the trouble I had when using the old rfc1991 comment packet and then
the one from the draft).

We can state that the new ciphers (which are not yet defined in the
specs) SHOULD use the new encryption packet. 


  Werner

-- 
Werner Koch at guug.de           www.gnupg.org           keyid 621CC013