[Cryptography] [openpgp] OpenPGP SEIP downgrade attack

Peter Gutmann pgut001 at cs.auckland.ac.nz
Mon Oct 5 21:51:58 EDT 2015


Werner Koch <wk at gnupg.org> writes:

>More important, however, is my remark that we need to get MDC deployed so
>that we can issue an error for non-MDC packets instead of just a warning.

We don't need to get it deployed, we need to get it replaced by encrypt-
then-MAC, with the whole handled in a manner where downgrade attacks aren't
possible.

Peter.

