Re: Phil Zimmermann's suggestion for large ciphers

[uri <uri@xxxxxxxxxxxxxx>]

Adam Back says:
> Starting from PRZs functionality list, I agree with the design.

(:-)

> However i think the functionality list has a gap: it doesn't cover
> that many people will want to continue using IDEA, 3DES, blowfish.
> There will remain no way to prevent message modification for unsigned
> messages for these.

And there's absolutely no protection for those who continue
using unencrypted unsigned e-mail.

I say - the world is moving forward. 

It is bad enough to have to be compatible with the existing
"old" methods - it will be far worse to have to in addition
be compatible with "new old" methods. Enough is enough.


> is important too, and I therefore think it would be quite useful to
> have a MDC in signed and encrypted messages (as well as just encrypted
> messages) for the non-large ciphers too.

We agree here.

> Now if one adds to PRZs functionality list that we want this to be
> backwards compatible so that non-large ciphers can use it, you need a
> way to send a MDC inside an encryption envelope such that it won't
> cause current implementations to barf.  For this the appended hash
> method doesn't work (or at least I can see no elegant way to make it
> work).

A good enough reason for me to vote down the support for MDC in
"old" ciphers.

> For this reason I would argue for a new signature type `symmetric
> MDC', where you put a hash (or a MAC) in a signature packet.

No MAC - as MAC will require yet another key.


> I argue that these benefits make it worth favoring the new signature
> type over appended hash approach.

Let's say that we disagree here.
-- 
Regards,
Uri		uri@xxxxxxxxxxxxxx
-=-=-=-=-=-=-
<Disclaimer>