Re: OpenPGP CFB mode (was Re: Next Steps)

On Tue, Nov 06, 2007 at 10:46:49AM -0800, Jon Callas wrote:
> 
> When we started the working group, there were many things that I  
> thought would be great to "fix." That included OpenPGP CFB. These  
> days, I care a lot less.
> 
> The reason is that while the OpenPGP CFB is eccentric, it's not  
> wrong. CFB itself has a parallelism with CBC. Just about every thing  
> you can say about CFB has a parallel thing you can say about CBC. If  
> you want real change, you'd want to do something else, which has a  
> different set of issues.
> 
> If we put in some new mode, the implementations will have to support  
> them both for years. If a major or quasi-major implementation balks,  
> then that time increases. That increases code size and complexity,  
> and that decreases security.
> 
> Unless a mode change is folded in with a compelling other reason, I  
> don't see it's worth the bother. Every system has warts. This is not  
> a large one.

Exactly.  That's why I say that *if* we do this, we should do it as
part of V5 keys.  It's not important enough to do on its own.

I should add that I'm not exactly eager to go down the V5 keys path
without a good reason either.  It would be nice to tweak some V4
details (fingerprints being SHA-1), but I don't think those details
are compelling enough to justify a V5 by themselves.

David