I understand that gpg 1.4.9 computes a MDC code by default. According to my research this corresponds to to Sym. Encrypted and Integrity Protected Data Packet (tag 18) in the PGP spec. If the file is signed doesn't this also provide modification protection (in addition to providing proof of sender's identity)?
I think this might be the case because I wrote code using the BouncyCastle API and and noticed that when one verified a signed file, a signature is computed from the encrypted data stream and compared against the one recorded in the file.
I'm trying to understand whether there is some redundancy here or if these two mechanisms serve different purposes.