Len Sassaman <Len(_dot_)Sassaman(_at_)esat(_dot_)kuleuven(_dot_)be> writes:
(At least, I personally verifed Chrome and FireFox. I *think* IE and Opera
were patched, too -- they should be.) So now we hope that browsers released
prior to mid-2009 are retired from use before MD2 is broken in practice.
Given the longevity of browsers, it's going to be close.
I assume you're thinking of IE6 there :-). Was the fix done in CryptoAPI or
in the browser itself? If it was an update to CryptoAPI then even IE6 should
be OK (can anyone from MS comment on this?).
smime mailing list