Re: Question about MDC Packets

2002-08-22 10:32:24

On Wed, Aug 21, 2002 at 10:43:19PM -0700, Len Sassaman wrote:

We're in the process of adding AES and MDC support to Mixmaster. I need to
decide whether we want to go the "be liberal... but conservative" route
and only use MDC if specified in the features subpacket, or the more
secure route, and use MDC whenever a key lists prefs 7 through 10
(presumably, we could do this even if we weren't actually choosing those
ciphers for encryption, i.e. if CAST5 was listed first). I'd prefer to do
it in the latter fashion, but...

I just read over the source code for Hushmail's OpenPGP features. It
appears that they were working off of RFC2440-bis2, and therefore didn't
know anything about the MDC packets. Hushmail keys are generated with
symmetric cipher prefs "9 8 7 3".  Consequently, Hushmail users cannot
decrypt messages encrypted with AES using the MDC packet. An example key
is attached at the bottom of this email.

It would be unfortunate to have more compatibility problems between
implementations of OpenPGP. Would it be unreasonable to state in the spec
that implementations supporting ciphers other than 0 through 4 SHOULD be
able to handle the MDC packets (perhaps in the paragraph in 5.13 which
mentions AES and Twofish currently)?

Seems to me that the draft already states that *all* implementations
SHOULD be able to handle MDC packets, regardless of cipher ("An
implementation SHOULD prefer this to the older Symmetrically Encrypted
Data Packet when possible.").

The question is really what to do to determine when it is
"possible". ;)


   David Shaw  |  dshaw(_at_)jabberwocky(_dot_)com
   "There are two major products that come out of Berkeley: LSD and UNIX.
      We don't believe this to be a coincidence." - Jeremy S. Anderson
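
The two policies discussed in this thread, as an added example that is not part of the original messages or of any project's code: it parses a signature subpacket area and reports what each policy would decide. Function names are hypothetical and the subpacket bytes are constructed; subpacket type 11 (preferred symmetric algorithms), type 30 (features) and feature bit 0x01 (modification detection) follow the OpenPGP specification.

```python
PREF_SYM = 11       # preferred symmetric algorithms subpacket
FEATURES = 30       # features subpacket
FEATURE_MDC = 0x01  # first features octet, modification detection bit

def parse_subpackets(data: bytes) -> dict:
    """Parse an OpenPGP signature subpacket area into {type: body}."""
    out, i = {}, 0
    while i < len(data):
        first = data[i]
        if first < 192:                      # one-octet length
            length, i = first, i + 1
        elif first < 255:                    # two-octet length
            if i + 2 > len(data):
                raise ValueError("truncated subpacket length")
            length, i = ((first - 192) << 8) + data[i + 1] + 192, i + 2
        else:                                # five-octet length
            if i + 5 > len(data):
                raise ValueError("truncated subpacket length")
            length, i = int.from_bytes(data[i + 1:i + 5], "big"), i + 5
        if length == 0 or i + length > len(data):
            raise ValueError("malformed subpacket")
        out[data[i] & 0x7F] = data[i + 1:i + length]  # drop critical bit
        i += length
    return out

def mdc_by_features(sp: dict) -> bool:
    """Conservative policy: use MDC only if the features flag says so."""
    feat = sp.get(FEATURES, b"")
    return bool(feat) and bool(feat[0] & FEATURE_MDC)

def mdc_by_cipher_prefs(sp: dict) -> bool:
    """Inferred policy: use MDC if any of ciphers 7 through 10 is listed."""
    return any(7 <= c <= 10 for c in sp.get(PREF_SYM, b""))

def decide(area: bytes) -> tuple:
    sp = parse_subpackets(area)
    return mdc_by_features(sp), mdc_by_cipher_prefs(sp)

# Constructed subpacket areas (not taken from any real key).
PREFS_ONLY = bytes([5, 11, 9, 8, 7, 3])               # prefs "9 8 7 3", no features
PREFS_AND_FLAG = PREFS_ONLY + bytes([2, 30, 0x01])    # same prefs plus MDC flag
CAST5_ONLY = bytes([2, 11, 3])                        # prefs "3" only

if __name__ == "__main__":
    for name, area in [("prefs only", PREFS_ONLY),
                       ("prefs + flag", PREFS_AND_FLAG),
                       ("CAST5 only", CAST5_ONLY)]:
        print(name, decide(area))  # (features policy, cipher-prefs policy)
```

The first sample is the case raised above: the policies disagree, and only the features-flag policy avoids sending an MDC packet to a recipient that never advertised support for it.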

