[Cryptography] [openpgp] OpenPGP SEIP downgrade attack
Peter Gutmann
pgut001 at cs.auckland.ac.nz
Mon Oct 5 21:51:58 EDT 2015
Werner Koch <wk at gnupg.org> writes:
>More important however is my remark that we need to get MDC deployed so
>that we can issue an error for non MDC packets instead of just a warning.
We don't need to get it deployed, we need to get it replaced by encrypt-
then-MAC, with the whole handled in a manner where downgrade attacks aren't
possible.
Peter.
More information about the cryptography
mailing list