On Tue, Nov 06, 2007 at 09:47:56AM -0500, Derek Atkins wrote:
I'd leave it up to the WG about whether we want to retire CFB mode,
I don't have a feel for any consensus on that.
I don't have particularly strong feelings about CFB mode itself, but I
do think it would be nice to move to a more standard mode, rather than
our own OpenPGP CFB mode.
It's not a big deal, and I don't see any particular need to change it
quickly as I don't think OpenPGP CFB is insecure or somehow bad. The
issue is more that OpenPGP CFB needs to be repeatedly explained ("Hey,
why does this thing use its own cipher mode? Can you prove it is
If we do head down that road, I'd suggest doing it as part of
something else, like V5 keys. It's not really important enough to
justify doing by itself, and doing it as part of V5 helps prevent
compatibility problems, as there would be no mixture of
implementations some with regular CFB and some with OpenPGP CFB: a V5
key would mean regular CFB from the start.
(Substitute your favorite (but standard) mode for "regular CFB" in the
above if you like.)