[PATCH] MD2 for libgcrypt
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Mon Jul 19 21:11:23 CEST 2010

On 07/19/2010 02:15 PM, Stephan Mueller wrote:
> Both, there is the root cert (and I concur with your assessment), but there
> are also intermediate certs with MD2 too.

Intermediate certs using MD2 should themselves be considered broken, as
certifications from root CAs over MD2 are susceptible to a preimage attack:

http://en.wikipedia.org/wiki/MD2_%28cryptography%29#Security

It would be a bad thing to accept intermediate certificates over the
network that were certified with MD2.

If you're talking about shipping certs of known intermediate authorities
as part of a package of trusted authorities, then those are actually
equivalent to root authorities, not intermediate authorities (even if
their own certs are not self-signed).

> Well, Werner already told me that he is not integrating the patches. However,
> as the patches only enable the signature verification of an already existing
> signature, I cannot fully understand the decision.

Are the patches rejected due to poor implementation? Due to licensing
reasons? Or due to a desire to not ship the MD2 functionality in
libgcrypt? Or due to some other reason?

Sorry for having to ask, but I never saw a response on the list, so I'm
in the dark.

--dkg
More information about the Gcrypt-devel
mailing list