Sean Turner wrote:
2) MD2 is still used. In GnuTLS I recall _adding_ support for MD2 as
recently as 2005 (according to NEWS logs). If I recall correctly,
some Verisign root certificates are MD2. Note that in GnuTLS,
verifying a certificate involving an MD2 digital signature will fail
because MD2 is insecure, but the algorithm is still implemented and
supported.
Thus the text in your document "many TLS implementations, OpenSSL,
Network Security Services, and GNUTLS, have disabled support for MD2"
may not be the entire story. GnuTLS "supports" MD2 even though it
does not consider it secure. I can't speak for OpenSSL or NSS, but I
suspect they implement MD2 too and can verify such digital hashes,
even if they don't consider them secure.
Yeah that might have been a bit strong. Maybe:
Additionally, many TLS implementations, OpenSSL, Network Security
Services, and GNUTLS, support MD2 but recommend it only for backwards
compatibility.
I went back and looked at this a little closer. I found that GNUTLS
now turns MD2 off by default:
https://rhn.redhat.com/errata/RHSA-2010-0166.html
I also found that NSS does also have MD2 turned off, but it looks like
you can turn it back on by setting an environment variable.
spt
_______________________________________________
smime mailing list
smime(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/smime