I wrote:
PGP is typically used to encrypt data at rest (make the chunk size the file
size)
Another thing with that particular case, if you get a MAC failure decrypting
data at rest do you really care? It's more likely a bit-flip somewhere than
someone trying to tamper with your archived sales records from 2003, and I
suspect most people would rather have slightly corrupted data than no data at
all.
That's the nice thing about the standard block cipher modes, they recover from
errors. In... oh, approximately 100% of the encrypted data I have lying
around, I'll happily ignore any auth errors, I just want the plaintext back.
So while it's fun and geeky to dream up something using the latest trendy AEAD
modes, is it something that (a) is necessary and (b) people who aren't geeks
care about?
Peter.
_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp