[Cryptography] [openpgp] OpenPGP SEIP downgrade attack

David Leon Gil coruus at gmail.com
Mon Oct 5 22:19:58 EDT 2015


This is a very nice explanation of the downgrade attack. I suspect that its
discovery predates your work: See
https://github.com/google/end-to-end/issues/161 (scroll down a bit) for a
bug where I note it.

On Mon, Oct 5, 2015 at 6:52 PM Peter Gutmann <pgut001 at cs.auckland.ac.nz>
wrote:

> Werner Koch <wk at gnupg.org> writes:
>
> >More important however is my remark that we need to get MDC deployed so
> >that we can issue an error for non MDC packets instead of just a warning.
>
> We don't need to get it deployed, we need to get it replaced by encrypt-
> then-MAC, with the whole handled in a manner where downgrade attacks aren't
> possible.
>
> Peter.