Daniel Kahn Gillmor <[email protected]> writes: >This is indeed the "janky MDC thing" Tom is talking about. > >from the spec: > > The body of this packet consists of: > > - A 20-octet SHA-1 hash of the preceding plaintext data of the > Symmetrically Encrypted Integrity Protected Data packet, > including prefix data, the tag octet, and length octet of the > Modification Detection Code packet.
Just as a data point, CMS (S/MIME) also has an integrity-protection option, but it uses encrypt-then-MAC, and also MACs the metadata associated with the encrypted data (the IV and other information). If OpenPGP were updated to do MDC a bit better, I'd vote for an EtM mechanism to replace the current MDC hack. Peter. _______________________________________________ Messaging mailing list [email protected] https://moderncrypto.org/mailman/listinfo/messaging
