hal(_at_)rain(_dot_)org writes:
[ About attacks flipping some bits in the headers to
make the receiver think the message has no MDC ]
I suggest that we should design the packets, if possible, to prevent
this attack. What do others feel? Do we care about this kind of attack?
Should we take steps to prevent it, or should we allow it to happen?
I think the easiest solution and the one we did at other places too
is to say:
"Implementations SHOULD use the MDC for ciphers with a blocksize of 64
bit. Implementations MUST use the MDC for ciphers with a blocksize
other than 64. If an implemenations detects a violation of the above
it SHOULD notify the user about this. It MUST do this for messages
encrypted with non-64 bit blocksize cipher."
Or something similar.
--
Werner Koch at guug.de www.gnupg.org keyid 621CC013