On Mon, Jul 22, 2002 at 12:49:00PM -0700, Jon Callas wrote:
On 7/22/02 12:10 PM, "Len Sassaman" <rabbi(_at_)quickie(_dot_)net> wrote:
In RFC 2440-bis5:5.13, it says:
There is a corresponding feature in the features signature subpacket
that denotes that an implementation can properly use this packet
type. An implementation SHOULD NOT use this packet when encrypting
to a recipient that does not state it can use this packet, and
SHOULD prefer this to older Symmetrically Encrypted Data Packet when
possible.
This doesn't, however, give any indication of what to do when using pure
symmetric encryption. What is the preferred behavior when symmetrically
encrypting a file using AES? Should an OpenPGP implementation use the MDC
by default?
Do you know anything about who is going to be decrypting it? Do you have
some reasonable expectation they can understand it? If so, then yes.
There is nothing wrong with an implementation being somewhat weasely. If you
make the guess that if someone wants to use AES, then the target is modern
enough to understand an MDC, you'd probably be right. You could even
convincingly harumph if someone does *not* use an MDC but went to the
trouble to do AES.
Incidentally, it's important that people start using MDCs more.
FWIW, GnuPG does what Jon describes here and generates a MDC for AES
and TWOFISH.
David
--
David Shaw | dshaw(_at_)jabberwocky(_dot_)com | WWW
http://www.jabberwocky.com/
+---------------------------------------------------------------------------+
"There are two major products that come out of Berkeley: LSD and UNIX.
We don't believe this to be a coincidence." - Jeremy S. Anderson