MDC and GnuPG as a filter

Florian Weimer Weimer@CERT.Uni-Stuttgart.DE
Mon Aug 12 15:58:01 2002


It looks as if an application should start processing the decrypted
data only after the MDC packet has been verified.  (Have a look at
this paper: http://www.counterpane.com/pgp-attack.html -- most of you
probably know it already.)

Unfortunately, this breaks one-pass processing for OpenPGP data.  The
whole plaintext has to be stored, and in general, processing can only
begin after all data has been received. :-(

Or am I missing something?

-- 
Florian Weimer 	                  Weimer@CERT.Uni-Stuttgart.DE
University of Stuttgart           http://CERT.Uni-Stuttgart.DE/people/fw/
RUS-CERT                          fax +49-711-685-5898