[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Agree with PRZs MDC suggestion
On Sat, 22 May 1999, Werner Koch wrote:
> > > Why an extra checksum if we already have an MDC?
> > Because someone was suggesting that if anyone ever changed the algorithm
> > ID byte they could turn off the MDC. That could be prevented by a
> Ah well, I think it is easier to put a copy of the version byte and
> the algorithm identifier into the encrypted text:
Blocksize+2? Are we doing PGP-cfbs still? Also, by mdc_packet, I take it
to mean you mean a real packet (i.e. there is a virtual EOF after the
> > And I might want to specify other algorithm IDs, e.g. the Palm Pilot has
> > MD5 (and DES) in the OS kernel, but not SHA1. I would really prefer to
> > have my MDCs there as MD5, and use 3DES for a minimal Palm implementation.
> Makes sense for me. And I think it is better to use OpenPGP
> dataformats than to use somethin else or invent another one.
> Is it okay to have SHOULD use SHA1-MDC and SHOULD give a warning if
> another MDC is used?
I think SHOULD use SHA1-MDC is best, but I am not sure about the warning
part. I think it might be proper to give a warning on the creation (much
like giving a warning against using MAY or private algorithms other places
where most PGP implementations won't be able to handle it).
I forget if RMD160 or MD5 in the normal context are MAY or SHOULDs, but if
they are SHOULDs, I wouldn't want to give a warning. Implementations
SHOULD be able to use any hash for MDC that they use for signatures.