[Top] [All Lists]

Re: OpenPGP CFB mode (was Re: Next Steps)

2007-11-06 12:28:32

On Tue, Nov 06, 2007 at 10:46:49AM -0800, Jon Callas wrote:

When we started the working group, there were many things that I  
thought would be great to "fix." That included OpenPGP CFB. These  
days, I care a lot less.

The reason is that while the OpenPGP CFB is eccentric, it's not  
wrong. CFB itself has a parallelism with CBC. Just about every thing  
you can say about CFB has a parallel thing you can say about CBC. If  
you want real change, you'd want to do something else, which has a  
different set of issues.

If we put in some new mode, the implementations will have to support  
them both for years. If a major or quasi-major implementation balks,  
then that time increases. That increases code size and complexity,  
and that decreases security.

Unless a mode change is folded in with a compelling other reason, I  
don't see it's worth the bother. Every system has warts. This is not  
a large one.

Exactly.  That's why I say that *if* we do this, we should do it as
part of V5 keys.  It's not important enough to do on its own.

I should add that I'm not exactly eager to go down the V5 keys path
without a good reason either.  It would be nice to tweak some V4
details (fingerprints being SHA-1), but I don't think those details
are compelling enough to justify a V5 by themselves.