[Top] [All Lists]

RE: I-D ACTION:draft-ietf-smime-rfc2632bis-00.txt

2002-03-29 14:59:35


The PKIX PKAlgs Document does include MD2. It is included for exactly the reason that Blake stated.

I think that we should include is as a MAY for validation. I do not think that anyone should generate new certificates that use MD2.


At 03:55 PM 3/18/2002 -0600, Jim Schaad wrote:

MD2 is is known to have pseudo collisions.  In the previous version of
the draft md2 was a SHOULD (along with the rest of the RSA algorithms).
You have promoted it when I consider it to be a suspect algorithm.

There is a difference between what we consider to be good practice and
how backwards compability works.  I think that making it a MAY (or
omitting entirely) and adding a note that this is a common algorithm
still (is that really true? 11 out of 108 with what types of experation
dates) is sufficent to address your needs without having an endorsement
of this as a good algorithm on our (the WG) part.

Remember that md2 is not an acceptable PKIX algorithm.  I think we
should follow that lead.


> -----Original Message-----
> From: Blake Ramsdell [mailto:blake(_at_)brutesquadlabs(_dot_)com]
> Sent: Monday, March 18, 2002 3:10 PM
> To: jimsch(_at_)exmsft(_dot_)com; ietf-smime(_at_)imc(_dot_)org
> Subject: Re: I-D ACTION:draft-ietf-smime-rfc2632bis-00.txt
> Thanks for the comments, Jim -- one quick question below.
> ----- Original Message -----
> From: "Jim Schaad" <jimsch(_at_)nwlink(_dot_)com>
> To: <ietf-smime(_at_)imc(_dot_)org>; "'Blake Ramsdell'"
> <blake(_at_)brutesquadlabs(_dot_)com>
> Sent: Monday, March 18, 2002 10:27 AM
> Subject: RE: I-D ACTION:draft-ietf-smime-rfc2632bis-00.txt
> > 1.  I strongly disagree that md2-with-RSA is a MUST.  I think this
> > should be a MAY or omitted.
> On what basis you you disagree?
> For compatibility, dropping MD2 may not be the best idea.
> Based on a quick
> evaluation of the root self-signed certificates that I have,
> I found 108
> total certificates, 11 of which were signed with MD2 (44 were
> signed with
> MD5, the rest with SHA-1).
> Blake