Tom,
I'll make an observation about predicatble message text that
came up in private email exchanges this week. Use of MIME contents
within PEM will create opportunities for longer, predictable character
sequences at the beginning of messages. Also, many folks put trailers
at the end of messages and those provide lots of predictable text.
Even those of us who do not use trailers ("signature files") often
terminate messages with a couple of line breaks and our first name.
This too would often provide 8 or more bytes of predictable text.
I think we should not be arguing about known plaintext attacks
in the PEM environment when there are many circumstances where they
will naturally arise, unless we impose restrictions on the format of
messages we encrypt. Our goal has been to encrypt any well-formed 822
message content, and we are extending that to MIME contents. If we
really felt that the encryption would be substantively weakened by
known plaintext attacks, I think we have a more serious problem than
can be addressed by encrypting IVs.
Steve