On 14.05.18 19:32, Werner Koch wrote: [...] >> 1. change the default behaviour of GPG so that any integrity failure is >> fatal by default, even for old ciphersuites (we could have a flag to > > I am all in favor of this and even considered to that some time ago. > However, not too long ago we removed support for PGP-2 keys which > unfortunately resulted in lots of angry mails from people who now think > they need to use gnupg 1.4 every day because they seem to read mails > From the last century on a regular base. Well, they think and they were > quite vocal. Now telling them they need to enable an option to read > certain not that old mail (e.g. creating by other OpenPGP > implementations) will a) lead to even more angry mails and b) they will > keep on using that option for all mails. Thus my tentative plan was to > make the next major version hard fail on messages without MDC and slowly > start using our forthcoming AEAD encryption mode. > > Well okay, with the new support of the Ehtmlfail paper we could now > point to that paper and always hard error out if no MDC is used even for > old algorithms. Shall we consider this?
Yes, I think that's a good idea. -Patrick _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
