
Re: Long Holiday?



On Wed, 8 Jul 1998, John W. Noerenberg wrote:

> At 10:40 PM +0100 7/8/98, Adam Back wrote:
> >The other thing which I raised was MACs (or MDCs) to prevent against
> >Gary Howlands attack first discussed at HIP97.  PGP made statements
> >about fixing it back then.
> >
> >Now I am not particularly arguing that the necessary changes go into
> >this version, because it is rather late in the day and it needs some
> >careful thought, however it would be most nice if implementations of
> >OpenPGP 1.0 could cope with OpenPGP 2.0 messages which did contain
> >MACs without falling over.
> 
> Oh, yes, Adam.  There hadn't been much discussion.  It slipped past me.
> Jon, is Adam's description sufficient for you to write something for -06?
> 
> How much heartache does adding this cause implementors (and if it does, can
> you really afford not to deal with it)?
> john noerenberg
> jwn2@xxxxxxxxxxxx

I AM NOT PROPOSING THE FOLLOWING, BUT JUST AS AN EXAMPLE:

Unless they do something nonsensical, it would be easy to extend 1.0 - for
example, a signature algorithm of 0 means the message digest is stored in
the clear (maybe as a MPI), and leave the rest of the format alone.  Old
implementations should fail gracefully with "unknown signature algorithm".
The onepass signature header lets the "MAC" be at the end yet ensures that
someone can't just delete the "MAC".

So there should be upwards compatible ways of preventing the attack.
There are intrusive ways (new packets, new formats), but I think those can
be avoided.

--- reply to tzeruch - at - ceddec - dot - com ---
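A toy model of the scheme sketched in the message above, added here as an example and not code from the thread or from any PGP implementation: a one-pass header announces "signature algorithm 0" (digest stored in the clear at the end), so a receiver rejects a message whose trailing digest is missing, truncated or wrong, and an implementation that does not know the algorithm fails with "unknown signature algorithm". The byte layout (`OP` marker, length-prefixed body) is constructed for this example and is not real OpenPGP packet framing; the hash ids 2 (SHA-1) and 8 (SHA-256) are the OpenPGP values.

```python
import hashlib
import hmac
import struct

SIG_ALGO_PLAIN_DIGEST = 0             # the "signature algorithm of 0" from the message (assumed value)
HASH_IDS = {2: "sha1", 8: "sha256"}   # OpenPGP hash algorithm ids for SHA-1 and SHA-256

def build_message(body: bytes, hash_id: int = 8) -> bytes:
    """Constructed layout: one-pass header, length-prefixed body, digest in the clear at the end."""
    header = b"OP" + bytes([SIG_ALGO_PLAIN_DIGEST, hash_id])
    digest = hashlib.new(HASH_IDS[hash_id], body).digest()
    return header + struct.pack(">I", len(body)) + body + digest

def check_message(msg: bytes) -> str:
    """Return 'ok', or the reason the message must be rejected."""
    if len(msg) < 8 or msg[:2] != b"OP":
        return "bad: missing one-pass header"
    algo, hash_id = msg[2], msg[3]
    if algo != SIG_ALGO_PLAIN_DIGEST:
        # What an old implementation does with a newer message: refuse it cleanly.
        return f"bad: unknown signature algorithm {algo}"
    if hash_id not in HASH_IDS:
        return f"bad: unknown hash algorithm {hash_id}"
    (length,) = struct.unpack(">I", msg[4:8])
    body, trailer = msg[8:8 + length], msg[8 + length:]
    if len(body) != length:
        return "bad: body truncated"
    expected = hashlib.new(HASH_IDS[hash_id], body).digest()
    if len(trailer) != len(expected):
        # The header already promised a digest, so deleting it is detectable.
        return "bad: trailing digest missing or truncated"
    if not hmac.compare_digest(trailer, expected):
        return "bad: trailing digest does not match body"
    return "ok"

if __name__ == "__main__":
    msg = build_message(b"constructed sample plaintext")
    print(check_message(msg))                 # ok
    print(check_message(msg[:-32]))           # digest stripped -> rejected
    flipped = bytearray(msg); flipped[8] ^= 1
    print(check_message(bytes(flipped)))      # body altered -> rejected
```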