From: openpgp [mailto:openpgp-bounces(_at_)ietf(_dot_)org] On Behalf Of Jonas
Magazinius
I've recently been analysing the OpenPGP standard and have found that it is
vulnerable to a chosen-ciphertext attack to downgrade an SEIP packet to a
plain SE packet.
I was going to submit a paper about the attack, but considering how quickly
the challenge was cracked I realised the urgency to report this.
Assuming SE and SEIP now have equivalent security, does anyone suspect a
real-world impact? I.e. is there software that trusts encrypted unsigned data
more than it trusts unencrypted unsigned data?
-Neil
_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp