[Cryptography] [openpgp] OpenPGP SEIP downgrade attack

Peter Gutmann pgut001 at cs.auckland.ac.nz
Mon Oct 5 21:51:58 EDT 2015

Werner Koch <wk at gnupg.org> writes:

>More important however is my remark that we need to get MDC deployed so 
>that we can issue an error for non MDC packets instead of just a warning.

We don't need to get it deployed, we need to get it replaced by encrypt-
then-MAC, with the whole handled in a manner where downgrade attacks aren't


More information about the cryptography mailing list