ietf-openpgp
[Top] [All Lists]

Re: New Encrypted Data Packet?

2005-04-04 09:34:01

Jon Callas wrote:

When the Mister-Zuccherato attack came out at the beginning of the year, one of the suggestions that we had was to re-do the encrypted data packet and MDC. It seems that there's not really a lot of consensus to fix it, that merely working around the problem seems to be adequate? Am I right in that perception? Do we want to upgrade it?

I still think it's a good idea, myself, particularly since if you want wide deployment of such a thing for the future getting on it now is a good idea. But I would also like to really close out 2440bis, too. (However, the two are not mutually exclusive. We could close out 2440bis and put the upgrades into a followon RFC.)


Close out 2440bis, with no more changes.  I think we are well
past the point where fiddling around improving things is worth
anything.  Unless we have a major major break, nothing should
change in the protocol, would be my call.

(Which would not be to say that Ben's observations over the
weekend didn't look extremely useful.)

(As to future revisions, I recall in prior times it has been
discussed that we wouldn't talk about future changes until
2440bis was closed out.)

iang
--
News and views on what matters in finance+crypto:
        http://financialcryptography.com/


<Prev in Thread] Current Thread [Next in Thread>