The flaw he appears to be talking about is that the OpenPGP MDC doesn't cover metadata; the message must be parsed to recover the authenticator before the authenticator can be checked, and so the ciphertext is malleable.
The properties he's talking about for CFB are largely true of CTR as well (the gold standard in streaming modes). I think, by suggesting PGP use a "different mode", he may instead mean it would be better if PGP used an authenticated encryption mode.
Authentication is a weak spot for PGP, since its design predates much of authenticated cryptography.
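
Added example, not part of the original comment: a simplified model of the point about metadata falling outside the integrity check, contrasted with an encrypt-then-MAC layout that authenticates the header and is verified before anything is parsed. The one-byte header, the message layout, the function names and the SHA-256-based keystream (a toy stand-in for a real cipher in a streaming mode) are all assumptions for illustration, not OpenPGP's packet format.

```python
import hashlib, hmac, os

def keystream(key, nonce, n):
    # Toy keystream: SHA-256(key || nonce || counter). Illustration only, not a real cipher.
    out, ctr = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + nonce + ctr.to_bytes(8, "big")).digest()
        ctr += 1
    return out[:n]

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def seal_inner_hash(key, header, plaintext):
    # MDC-style layout: digest of the plaintext is appended and encrypted with it.
    # The header (metadata) is outside the digest.
    nonce = os.urandom(16)
    body = plaintext + hashlib.sha1(plaintext).digest()
    return header + nonce + xor(body, keystream(key, nonce, len(body)))

def open_inner_hash(key, msg):
    header, nonce, ct = msg[:1], msg[1:17], msg[17:]
    body = xor(ct, keystream(key, nonce, len(ct)))  # decrypt and parse before any check
    pt, digest = body[:-20], body[-20:]
    if not hmac.compare_digest(hashlib.sha1(pt).digest(), digest):
        raise ValueError("integrity check failed")
    return header, pt  # header was never verified

def seal_etm(enc_key, mac_key, header, plaintext):
    # Encrypt-then-MAC: the tag covers header, nonce and ciphertext.
    nonce = os.urandom(16)
    ct = xor(plaintext, keystream(enc_key, nonce, len(plaintext)))
    tag = hmac.new(mac_key, header + nonce + ct, hashlib.sha256).digest()
    return header + nonce + ct + tag

def open_etm(enc_key, mac_key, msg):
    data, tag = msg[:-32], msg[-32:]
    expected = hmac.new(mac_key, data, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("authentication failed")  # rejected before parsing or decrypting
    header, nonce, ct = data[:1], data[1:17], data[17:]
    return header, xor(ct, keystream(enc_key, nonce, len(ct)))
```

In the first layout a changed header byte passes the check because the digest only covers the decrypted plaintext; in the second the same change fails tag verification before the message is touched.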