[Cryptography] [openpgp] OpenPGP SEIP downgrade attack

Werner Koch wk at gnupg.org
Tue Oct 6 02:55:47 EDT 2015


On Tue,  6 Oct 2015 03:51, pgut001 at cs.auckland.ac.nz said:

> We don't need to get it deployed, we need to get it replaced by encrypt-
> then-MAC, with the whole handled in a manner where downgrade attacks aren't
> possible.

And wait another 15 years until it has been taken up by all
implementations?  What is wrong with the planned AE mode?


Shalom-Salam,

   Werner

-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.



More information about the cryptography mailing list