[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Phil Zimmermann's suggestion for large ciphers
Adam Back says:
> Starting from PRZs functionality list, I agree with the design.
> However i think the functionality list has a gap: it doesn't cover
> that many people will want to continue using IDEA, 3DES, blowfish.
> There will remain no way to prevent message modification for unsigned
> messages for these.
And there's absolutely no protection for those who continue
using unencrypted unsigned e-mail.
I say - the world is moving forward.
It is bad enough to have to be compatible with the existing
"old" methods - it will be far worse to have to in addition
be compatible with "new old" methods. Enough is enough.
> is important too, and I therefore think it would be quite useful to
> have a MDC in signed and encrypted messages (as well as just encrypted
> messages) for the non-large ciphers too.
We agree here.
> Now if one adds to PRZs functionality list that we want this to be
> backwards compatible so that non-large ciphers can use it, you need a
> way to send a MDC inside an encryption envelope such that it won't
> cause current implementations to barf. For this the appended hash
> method doesn't work (or at least I can see no elegant way to make it
A good enough reason for me to vote down the support for MDC in
> For this reason I would argue for a new signature type `symmetric
> MDC', where you put a hash (or a MAC) in a signature packet.
No MAC - as MAC will require yet another key.
> I argue that these benefits make it worth favoring the new signature
> type over appended hash approach.
Let's say that we disagree here.