Wasn't this discussed at some point in the past and the suggestion
made that all 128 bit block ciphers use MDC as they were introduced at
roughly the same time.
That leaves the hushmail problem. But due to their software
architecture presumably forced software upgrades are easy. (Just
publish new java code, the fact that the cached code is more recent on
the server takes care of the rest.) Any other implementations
ignoring this rule?
I'm guessing this discussed rule never made it into the spec. (We
have a general issue with over laxness on compatibility issues -- as
long as it's possible in theory to interoperate, the concencus in the
past has seemed to be to stop there.)
All implementations MUST use MDC with > 64 bit block cipher algorithms
(such as AES).
Adam
On Thu, Aug 22, 2002 at 01:32:14PM -0400, David Shaw wrote:
Seems to me that the draft already states that *all* implementations
SHOULD be able to handle MDC packets, regardless of cipher ("An
implementation SHOULD prefer this to the older Symmetrically Encrypted
Data Packet when possible.").
The question is really what to do to determine when it is
"possible". ;)