> So how do we enforce MDC checking at the receiving end? I assume this is > something that has to be handled by the calling program at the moment.
By default, GnuPG will scream bloody murder if a message lacks an MDC or
if the MDC is invalid. At that point it's up to your email client to
pay attention to the warning and do the right thing. Enigmail 2.0 and
later are fine, but I can't speak for other systems.
Of course, if you're crazy enough to disable the MDC check
("--no-mdc-warning") then all bets are off, but really, you'll get what
you deserve.
> I see that MDC is the default for all modern ciphers, but does that imply
> that MDC *checking* is the default?
MDC is an attribute of the packet, not the cipher. By default, all
ciphers in the GnuPG suite use MDC.
Hope this puts your mind at ease. :)
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
