2010-06-10 12:33:39
On Thu, 10 Jun 2010, Simon Josefsson wrote:

> 2) MD2 is still used.  In GnuTLS I recall _adding_ support for MD2 as
>   recently as (according to NEWS logs) in 2005.  If I recall correctly,
>   some Verisign root certificates are MD2.  Note that in GnuTLS,
>   verifying a certificate involving a MD2 digital signature will fail
>   because MD2 is insecure, but the algorithm is still implemented and

Verisign had a root cert that was self-signed by MD2. When Dan Kaminsky and I found that, Dan talked to Verisign, and they reissued the cert signed with SHA-1. The original cert is still valid in older browsers, but there should no longer be any MD2 certs in use in the public CA system. (Who knows about private enterprise deployments, however.)

I support deprecating MD2. We are one incremental improvement in MD2 attack speed away from a massive break.
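The policy the thread describes, an MD2 implementation that is present but refused for signature verification, comes down to checking the certificate's outer signatureAlgorithm OID before any cryptographic work. The following is an added example, not code from the thread or from GnuTLS: it decodes just enough DER to read that OID and rejects the PKCS#1 MD2/MD4/MD5 signature algorithms. The `sample_cert` helper and its empty tbsCertificate are constructed for the demonstration and are not real certificates.

```python
# Added example: refuse certificates signed with MD2 (or MD4/MD5) by
# inspecting the outer signatureAlgorithm OID of a DER-encoded Certificate.
# Not GnuTLS code; the sample certificates below are constructed.
WEAK_SIG_OIDS = {                       # pkcs-1 arc 1.2.840.113549.1.1.x
    "1.2.840.113549.1.1.2": "md2WithRSAEncryption",
    "1.2.840.113549.1.1.3": "md4WithRSAEncryption",
    "1.2.840.113549.1.1.4": "md5WithRSAEncryption",
}

def _read_tlv(buf, pos):
    """Parse one DER TLV at pos; return (tag, contents, position after it)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                   # long form: low 7 bits = number of length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length

def _decode_oid(contents):
    """Turn DER OID contents into dotted notation (base-128 arcs, first byte = 40*a+b)."""
    arcs, acc = [contents[0] // 40, contents[0] % 40], 0
    for b in contents[1:]:
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(acc)
            acc = 0
    return ".".join(map(str, arcs))

def signature_algorithm_oid(cert_der):
    """Return the dotted OID of Certificate.signatureAlgorithm.algorithm."""
    tag, cert, _ = _read_tlv(cert_der, 0)
    assert tag == 0x30, "Certificate must be a SEQUENCE"
    _, _, pos = _read_tlv(cert, 0)      # skip tbsCertificate
    tag, alg_id, _ = _read_tlv(cert, pos)
    assert tag == 0x30, "signatureAlgorithm must be an AlgorithmIdentifier SEQUENCE"
    tag, oid, _ = _read_tlv(alg_id, 0)
    assert tag == 0x06, "AlgorithmIdentifier must begin with an OID"
    return _decode_oid(oid)

def check_signature_algorithm(cert_der):
    """(accepted, reason): False with the weak algorithm name, True with the OID."""
    oid = signature_algorithm_oid(cert_der)
    return (False, WEAK_SIG_OIDS[oid]) if oid in WEAK_SIG_OIDS else (True, oid)

def _tlv(tag, payload):
    """Short-form DER encoder (payload < 128 bytes), used only to build samples."""
    return bytes([tag, len(payload)]) + payload

def sample_cert(sig_oid_bytes):
    """Constructed minimal Certificate: empty tbsCertificate, AlgorithmIdentifier, dummy BIT STRING."""
    alg_id = _tlv(0x30, _tlv(0x06, sig_oid_bytes) + b"\x05\x00")   # OID + NULL params
    return _tlv(0x30, _tlv(0x30, b"") + alg_id + _tlv(0x03, b"\x00\xff"))

MD2_RSA = bytes.fromhex("2a864886f70d010102")     # 1.2.840.113549.1.1.2
SHA256_RSA = bytes.fromhex("2a864886f70d01010b")  # 1.2.840.113549.1.1.11
```

A trust anchor's own self-signature is not normally verified during chain building, so a check like this matters most on intermediates and end-entity certificates, where an MD2 signature would actually be relied on.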

