
Re: [smime] [saag] [Fwd: I-D ACTION:draft-turner-md2-to-historic-00.txt]

2010-06-22 16:50:45
Sean Turner wrote:
2) MD2 is still used.  In GnuTLS I recall _adding_ support for MD2 as
   recently as (according to NEWS logs) in 2005.  If I recall correctly,
   some Verisign root certificates are MD2.  Note that in GnuTLS,
   verifying a certificate involving a MD2 digital signature will fail
   because MD2 is insecure, but the algorithm is still implemented and

   Thus the text in your document "many TLS implementations, OpenSSL,
   Network Security Services, and GNUTLS, have disabled support for MD2"
   may not be the entire story.  GnuTLS "supports" MD2 even though it
   does not consider it secure.  I can't speak for OpenSSL or NSS, but I
   suspect they implement MD2 too and can verify such digital hashes,
   even if they don't consider them secure.

Yeah that might have been a bit strong.  Maybe:

Additionally, many TLS implementations, OpenSSL, Network Security Services, and GNUTLS, support MD2 but recommend it only for backwards compatibility.

I went back and looked at this a little closer. I found that GNUTLS now turns MD2 off by default:

I also found that NSS also has MD2 turned off, but it looks like you can turn it back on by setting an environment variable.
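To make the behaviour discussed in this thread concrete (MD2 still implemented, but refused at verification time unless explicitly re-enabled), here is an added example; it is not code from the thread or from GnuTLS, NSS or OpenSSL. It reads the signatureAlgorithm OID out of DER certificates with a minimal ASN.1 reader, refuses md2WithRSAEncryption by default, and models the NSS-style opt-in with a hypothetical EXAMPLE_ALLOW_MD2 environment variable. The certificates it checks are constructed dummies built inline, not real certificates.

```python
"""Refuse MD2-signed certificates in a chain unless explicitly re-enabled.

Added example, not code from GnuTLS, NSS or OpenSSL.  EXAMPLE_ALLOW_MD2
is a hypothetical opt-in modelled on the NSS environment-variable switch
mentioned in the thread.  Sample certificates are constructed dummies.
"""
import os

# Signature algorithm OIDs from RFC 3279 / RFC 4055 (PKCS#1 with RSA).
SIG_ALG_OIDS = {
    "1.2.840.113549.1.1.2": "md2WithRSAEncryption",
    "1.2.840.113549.1.1.5": "sha1WithRSAEncryption",
    "1.2.840.113549.1.1.11": "sha256WithRSAEncryption",
}
MD2_OID = "1.2.840.113549.1.1.2"
SHA256_OID = "1.2.840.113549.1.1.11"


# --- minimal DER encoder, used only to build the constructed samples ---
def _der_len(n):
    if n < 0x80:
        return bytes([n])
    b = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(b)]) + b


def der(tag, body):
    return bytes([tag]) + _der_len(len(body)) + body


def der_oid(dotted):
    """Encode a dotted OID as a DER OBJECT IDENTIFIER (base-128 arcs)."""
    parts = [int(p) for p in dotted.split(".")]
    out = bytearray([40 * parts[0] + parts[1]])
    for p in parts[2:]:
        chunk = [p & 0x7F]
        p >>= 7
        while p:
            chunk.append(0x80 | (p & 0x7F))
            p >>= 7
        out += bytes(reversed(chunk))
    return der(0x06, bytes(out))


def make_cert(sig_oid):
    """Structurally valid Certificate SEQUENCE with a dummy body (constructed)."""
    tbs = der(0x30, der(0x02, b"\x01"))                      # placeholder tbsCertificate
    alg = der(0x30, der_oid(sig_oid) + der(0x05, b""))       # AlgorithmIdentifier + NULL params
    sig = der(0x03, b"\x00" + b"\x00" * 16)                  # dummy signatureValue BIT STRING
    return der(0x30, tbs + alg + sig)


# --- minimal DER reader, enough to reach Certificate.signatureAlgorithm ---
def _read_tlv(buf, pos):
    tag, ln = buf[pos], buf[pos + 1]
    pos += 2
    if ln & 0x80:                      # long-form length
        n = ln & 0x7F
        ln = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + ln], pos + ln


def decode_oid(body):
    # first//40 and first%40 are exact for the 1.x and 2.x arcs used here.
    first = body[0]
    parts, val = [first // 40, first % 40], 0
    for b in body[1:]:
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:
            parts.append(val)
            val = 0
    return ".".join(map(str, parts))


def signature_algorithm(cert_der):
    """Dotted OID of Certificate.signatureAlgorithm (RFC 5280 section 4.1)."""
    tag, cert, _ = _read_tlv(cert_der, 0)
    if tag != 0x30:
        raise ValueError("not a Certificate SEQUENCE")
    _, _tbs, pos = _read_tlv(cert, 0)           # tbsCertificate, skipped
    tag, algid, _ = _read_tlv(cert, pos)        # signatureAlgorithm
    tag2, oid_body, _ = _read_tlv(algid, 0)
    if tag != 0x30 or tag2 != 0x06:
        raise ValueError("malformed AlgorithmIdentifier")
    return decode_oid(oid_body)


def check_chain(chain, allow_md2=None):
    """Return [(index, algorithm)] for every signature the policy refuses.

    chain[0] is the end entity, chain[-1] the trust anchor.  The anchor's own
    self-signature is not part of path validation (RFC 5280 section 6.1), so it
    is skipped: an MD2-signed root in the store does not by itself fail.
    """
    if allow_md2 is None:   # hypothetical NSS-style opt-in via environment
        allow_md2 = os.environ.get("EXAMPLE_ALLOW_MD2") == "1"
    refused = []
    for i, cert in enumerate(chain[:-1]):
        name = SIG_ALG_OIDS.get(signature_algorithm(cert), "unknown")
        if name == "md2WithRSAEncryption" and not allow_md2:
            refused.append((i, name))
    return refused


if __name__ == "__main__":
    leaf, inter, root = make_cert(SHA256_OID), make_cert(MD2_OID), make_cert(MD2_OID)
    print(check_chain([leaf, inter, root], allow_md2=False))  # [(1, 'md2WithRSAEncryption')]
    print(check_chain([leaf, inter, root], allow_md2=True))   # []
    print(check_chain([leaf, root], allow_md2=False))         # [] : root self-signature not checked
```

The point the thread circles around is visible in the last call: the MD2 Verisign roots are a problem only if an intermediate or end-entity certificate is MD2-signed, because a trust anchor's self-signature is never verified during path validation; what the libraries actually switch off is acceptance of MD2 signatures on the certificates below the anchor.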
