ietf-openpgp
[Top] [All Lists]

Re: [openpgp] OpenPGP SEIP downgrade attack

2015-10-05 21:20:15
This is a very nice explanation of the downgrade attack. I suspect that its
discovery predates your work: See
https://github.com/google/end-to-end/issues/161 (scroll down a bit) for a
bug where I note it.

On Mon, Oct 5, 2015 at 6:52 PM Peter Gutmann 
<pgut001(_at_)cs(_dot_)auckland(_dot_)ac(_dot_)nz>
wrote:

Werner Koch <wk(_at_)gnupg(_dot_)org> writes:

More important however is my remark that we need to get MDC deployed so
that we can issue an error for non MDC packets instead of just a warning.

We don't need to get it deployed, we need to get it replaced by encrypt-
then-MAC, with the whole handled in a manner where downgrade attacks aren't
possible.

Peter.

_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp

_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp