This is a very nice explanation of the downgrade attack. I suspect that its
discovery predates your work: See
https://github.com/google/end-to-end/issues/161 (scroll down a bit) for a
bug where I note it.
On Mon, Oct 5, 2015 at 6:52 PM Peter Gutmann <pgut001@cs.auckland.ac.nz>
wrote:

> Werner Koch <wk@gnupg.org> writes:
>
>> More important however is my remark that we need to get MDC deployed so
>> that we can issue an error for non MDC packets instead of just a warning.
>
> We don't need to get it deployed, we need to get it replaced by
> encrypt-then-MAC, with the whole handled in a manner where downgrade
> attacks aren't possible.
>
> Peter.
_______________________________________________
openpgp mailing list
openpgp@ietf.org
https://www.ietf.org/mailman/listinfo/openpgp
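The two positions in the quoted exchange (error out on non-MDC packets now; replace the MDC with encrypt-then-MAC built so that the mode cannot be downgraded) fit together in one receiver. The following is an added illustration, not code from the thread, GnuPG or any OpenPGP implementation. The packet tag values (9 for Symmetrically Encrypted Data, 18 for Symmetrically Encrypted Integrity Protected Data) and the header-byte layout are from RFC 4880; everything after the policy check is a hypothetical toy encrypt-then-MAC packet (hash-based keystream, HMAC-SHA256 over header, nonce and ciphertext) that stands in for a future format and is not the real SEIPD/MDC construction. The point it demonstrates: binding the packet type into the MAC defeats a tag rewrite on an authenticated packet, but an attacker can also just discard the MAC and present a bare tag-9 packet, so the receiver must additionally refuse the unauthenticated type outright rather than warn.

```python
import hashlib
import hmac
import os

# OpenPGP packet tags (RFC 4880, section 4.3)
SED_TAG = 9     # Symmetrically Encrypted Data: no integrity protection at all
SEIPD_TAG = 18  # Symmetrically Encrypted Integrity Protected Data: carries an MDC


def packet_tag(data: bytes) -> int:
    """Return the packet tag from the first header byte (RFC 4880, section 4.2).

    New format (bit 6 set) keeps the tag in the low six bits; old format keeps
    a four-bit tag in bits 2..5.  Bit 7 must always be set.
    """
    if not data or not data[0] & 0x80:
        raise ValueError("not an OpenPGP packet header")
    b = data[0]
    return b & 0x3F if b & 0x40 else (b >> 2) & 0x0F


def check_integrity_policy(packet: bytes, strict: bool) -> str:
    """Receiver policy for encrypted-data packets.

    strict=False is the 'just a warning' behaviour the thread complains about;
    strict=True is the 'issue an error for non-MDC packets' behaviour.
    """
    tag = packet_tag(packet)
    if tag == SEIPD_TAG:
        return "ok: integrity protected"
    if tag == SED_TAG:
        if strict:
            raise ValueError("refusing non-MDC packet (tag 9)")
        return "warning: no integrity protection"
    raise ValueError(f"not an encrypted-data packet (tag {tag})")


# --- Toy encrypt-then-MAC packet (hypothetical format, NOT RFC 4880 SEIPD) ---
# The MAC covers the header byte, so rewriting the tag breaks verification.

def _subkeys(key: bytes):
    # Hypothetical key split for illustration; a real design would use a proper KDF.
    return (hashlib.sha256(b"enc" + key).digest(),
            hashlib.sha256(b"mac" + key).digest())


def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    # Hash-based counter-mode keystream, for illustration only.
    out = bytearray()
    ctr = 0
    while len(out) < n:
        out += hashlib.sha256(key + nonce + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return bytes(out[:n])


def etm_seal(key: bytes, plaintext: bytes) -> bytes:
    """header || nonce || ciphertext || HMAC(header || nonce || ciphertext)."""
    enc_key, mac_key = _subkeys(key)
    header = bytes([0x80 | 0x40 | SEIPD_TAG])  # new-format header byte
    nonce = os.urandom(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    mac = hmac.new(mac_key, header + nonce + ct, hashlib.sha256).digest()
    return header + nonce + ct + mac


def etm_open(key: bytes, packet: bytes) -> bytes:
    if len(packet) < 1 + 16 + 32:
        raise ValueError("truncated packet")
    header, nonce, ct, mac = packet[:1], packet[1:17], packet[17:-32], packet[-32:]
    enc_key, mac_key = _subkeys(key)
    # Verify the MAC before looking at the tag or touching the ciphertext.
    expected = hmac.new(mac_key, header + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(mac, expected):
        raise ValueError("MAC verification failed")
    # Even with a valid MAC, never accept the unauthenticated packet type.
    check_integrity_policy(header, strict=True)
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, nonce, len(ct))))


def downgrade_rejected(key: bytes, plaintext: bytes) -> bool:
    """Simulate an attacker rewriting the header to the unprotected tag 9."""
    forged = bytes([0x80 | 0x40 | SED_TAG]) + etm_seal(key, plaintext)[1:]
    try:
        etm_open(key, forged)
    except ValueError:
        return True
    return False
```

Note that `etm_open` checks the MAC first and the tag second: a tag rewrite on an authenticated packet fails at the MAC, while a packet that never carried a MAC (a bare tag-9 packet) fails at the policy check, which is the "error instead of warning" behaviour Werner asks for.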