[Top] [All Lists]

Re: [smime] [Cfrg] [Fwd: I-D ACTION:draft-turner-md2-to-historic-00.txt]

2010-06-10 12:33:39
On Thu, 10 Jun 2010, Simon Josefsson wrote:

2) MD2 is still used.  In GnuTLS I recall _adding_ support for MD2 as
  recently as (according to NEWS logs) in 2005.  If I recall correctly,
  some Verisign root certificates are MD2.  Note that in GnuTLS,
  verifying a certificate involving a MD2 digital signature will fail
  because MD2 is insecure, but the algorithm is still implemented and

Verisign had a root cert that was self-signed by MD2. When Dan Kaminsky and I found that, Dan talked to Versign, and they reissued the cert signed with SHA-1. The original cert is still valid in older browsers, but there should no longer be any MD2 certs in use in the public CA system. (Who knows about private enterprise deployments, however.)

I support deprecating MD2. We are one incremental improvement in MD2 attack speed away from a massive break.

smime mailing list

<Prev in Thread] Current Thread [Next in Thread>