Looking through the archives, I see discussion on how to handle ciphers
with block sizes over 8 bytes, but the resolution was not clear.
The draft has been updated regarding SE data packets (tag 9). This
appears to match the example that Werner Koch posted on April 9, 1999.
(My implementation matches that example.)
The draft makes no mention of how to encrypt secret keys. It still mentions
an 8-byte IV. I didn't see a clear winner in the discussion: an 8-byte IV
seems decidedly inadequate; having the IV length depend on the algorithm number
would require a table for parsing; using a new version number to allow a
length to be inserted wouldn't be too bad. Simply inserting a length (or making
the IV an MPI) for algorithms 6 and beyond would be workable. Was there
a resolution that I missed, and if so, will it be in an upcoming draft? If
the intention is really to stick with an 8-byte IV, can the RFC be updated
to discuss exactly how it works in this context?
The press releases for PGP version 7 from NAI says that it will include
Blowfish support. Can someone from NAI (or a beta customer) confirm
that they conform to the current draft? How do they deal with secret key
encryption using Blowfish?