On Tue, Nov 06, 2007 at 10:46:49AM -0800, Jon Callas wrote:
> When we started the working group, there were many things that I
> thought would be great to "fix." That included OpenPGP CFB. These
> days, I care a lot less.
>
> The reason is that while the OpenPGP CFB is eccentric, it's not
> wrong. CFB itself has a parallelism with CBC. Just about everything
> you can say about CFB has a parallel thing you can say about CBC. If
> you want real change, you'd want to do something else, which has a
> different set of issues.
>
> If we put in some new mode, the implementations will have to support
> them both for years. If a major or quasi-major implementation balks,
> then that time increases. That increases code size and complexity,
> and that decreases security.
>
> Unless a mode change is folded in with a compelling other reason, I
> don't see it's worth the bother. Every system has warts. This is not
> a large one.

Exactly. That's why I say that *if* we do this, we should do it as
part of V5 keys. It's not important enough to do on its own.

I should add that I'm not exactly eager to go down the V5 keys path
without a good reason either. It would be nice to tweak some V4
details (fingerprints being SHA-1), but I don't think those details
are compelling enough to justify a V5 by themselves.

David