I am fine with this approach.
At 03:55 PM 3/29/2002 -0800, Blake Ramsdell wrote:
----- Original Message -----
From: "Housley, Russ" <rhousley(_at_)rsasecurity(_dot_)com>
Cc: "'Blake Ramsdell'" <blake(_at_)brutesquadlabs(_dot_)com>;
Sent: Friday, March 29, 2002 1:57 PM
Subject: RE: I-D ACTION:draft-ietf-smime-rfc2632bis-00.txt
> I think that we should include is as a MAY for validation. I do not think
> that anyone should generate new certificates that use MD2.
My opinion is we should say SHOULD verify, and MUST NOT generate, perhaps
mentioning the known issues with MD2 in the security considerations.