At 11:25 AM +0200 10/11/00, Werner Koch wrote:
Another point:
If the use of the MDC packet is not required for at least the modern
ciphers (w/o the feature packet), we should at least add a note that
"An implementation SHOULD issue a warning if one of the new[1] cipher
algorithms is used without the MDC packet".
[1] new: Either explictly list old algorithms or say that new
algorithms are those with a blocklength other than 64 bit.
I don't think that tying MDC and big blocks is a good idea -- in the spec.
I think it is perfectly fine for you implementers to do that. The spec
gives you a lot of latitude, and if you want to only use a big block with
MDCs, that's fine. You need to *decrypt* one, but you don't ever have to
encrypt one. And you're perfectly within your rights to issue warning
messages if you think it's not a good idea.
If you want to limit use more, I have a suggestion: we put in a "feature"
of 128-bit-block ciphers. That way you can declare whether you use them or
not.
Jon