m.koster at greenhills.co.uk
Mon Dec 6 12:09:31 CET 2004
I ran into various certificate chains that gnutls cannot verify because
they use a Verisign CA certificate with an md2 hash, which is not
supported in gnutls, because there is no md2 support in libgcrypt.
This was previously reported by Luca Centamore, archived in
Werner Koch explained md2 support was removed because rfc1319 lists it
as licensed for PEM only, and because the algorithm is ancient and
I recalled hearing that RSA had later extended that license to "any
purpose", and after some searching I found this documented at
http://www.ietf.org/ietf/IPR/RSA-MD-all. Does this address Werner's
Now I know the use of MD2 is no longer recommended because of
weaknesses. But it seems wrong to restrict the ability to communicate
with SSL servers using those certificates solely because we know the
checksum algorithm is weak. For comparison, Mozilla's NSS does support
these certificates. Personally I would obtain certificates that wouldn't
have these issues, but obviously these certificates issued to third
parties are not something I can control.
I would therefore ask you to please reconsider adding md2-support back.
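The failure described in this post is a chain that GnuTLS rejects because one CA certificate carries an md2WithRSAEncryption signature. The following is an added example, not code from the original thread, GnuTLS or libgcrypt: a standard-library-only DER reader that pulls the signatureAlgorithm OID out of each certificate in a chain and flags MD2/MD5 signatures, so an operator can inventory which chains will break before deploying a verifier that lacks those digests. The certificates in `SAMPLE_CHAIN` are constructed skeleton fixtures (a Certificate SEQUENCE with a stub tbsCertificate and a dummy signature), not real Verisign certificates, and the function and table names are the example's own.

```python
"""Inventory X.509 signature algorithms in a DER certificate chain (added example)."""

# Certificate ::= SEQUENCE { tbsCertificate, signatureAlgorithm, signatureValue }
# signatureAlgorithm ::= SEQUENCE { algorithm OBJECT IDENTIFIER, parameters }

SIGNATURE_OIDS = {  # RSA PKCS#1 signature OIDs and the digest each one uses
    '1.2.840.113549.1.1.2': ('md2WithRSAEncryption', 'md2'),
    '1.2.840.113549.1.1.4': ('md5WithRSAEncryption', 'md5'),
    '1.2.840.113549.1.1.5': ('sha1WithRSAEncryption', 'sha1'),
    '1.2.840.113549.1.1.11': ('sha256WithRSAEncryption', 'sha256'),
}
WEAK_DIGESTS = {'md2', 'md5'}  # digests a modern verifier lacks or refuses


def _read_tlv(data, pos):
    """Read one DER tag-length-value at pos; return (tag, value, next_pos)."""
    tag = data[pos]
    length = data[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low bits give the number of length bytes
        n = length & 0x7F
        length = int.from_bytes(data[pos:pos + n], 'big')
        pos += n
    return tag, data[pos:pos + length], pos + length


def _decode_oid(value):
    """Decode OBJECT IDENTIFIER content bytes into dotted form."""
    arcs = [value[0] // 40, value[0] % 40]
    acc = 0
    for b in value[1:]:
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:  # last base-128 byte of this arc
            arcs.append(acc)
            acc = 0
    return '.'.join(str(a) for a in arcs)


def signature_algorithm(cert_der):
    """Return (dotted OID, algorithm name, digest name) of a DER certificate."""
    tag, cert, _ = _read_tlv(cert_der, 0)
    if tag != 0x30:
        raise ValueError('certificate is not a DER SEQUENCE')
    _, _tbs, pos = _read_tlv(cert, 0)        # skip tbsCertificate
    _, alg_id, _ = _read_tlv(cert, pos)      # signatureAlgorithm SEQUENCE
    tag, oid, _ = _read_tlv(alg_id, 0)
    if tag != 0x06:
        raise ValueError('signatureAlgorithm does not start with an OID')
    dotted = _decode_oid(oid)
    name, digest = SIGNATURE_OIDS.get(dotted, (dotted, 'unknown'))
    return dotted, name, digest


def audit_chain(chain):
    """Return [(label, algorithm name, is_weak)] for each (label, der) pair."""
    return [(label, signature_algorithm(der)[1], signature_algorithm(der)[2] in WEAK_DIGESTS)
            for label, der in chain]


def weak_certificates(chain):
    """Labels of chain members signed with an MD2 or MD5 digest."""
    return [label for label, _, weak in audit_chain(chain) if weak]


# --- constructed fixtures (not real certificates) --------------------------

def _tlv(tag, value):
    n = len(value)
    if n < 0x80:
        return bytes([tag, n]) + value
    lb = n.to_bytes((n.bit_length() + 7) // 8, 'big')
    return bytes([tag, 0x80 | len(lb)]) + lb + value


def _encode_oid(dotted):
    arcs = [int(a) for a in dotted.split('.')]
    out = bytes([arcs[0] * 40 + arcs[1]])
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        arc >>= 7
        while arc:
            chunk.insert(0, 0x80 | (arc & 0x7F))
            arc >>= 7
        out += bytes(chunk)
    return out


def make_skeleton_cert(sig_oid):
    """Constructed fixture: Certificate SEQUENCE with a stub tbsCertificate."""
    tbs = _tlv(0x30, _tlv(0x02, b'\x01'))                      # stub serial only
    alg = _tlv(0x30, _tlv(0x06, _encode_oid(sig_oid)) + b'\x05\x00')  # NULL params
    sig = _tlv(0x03, b'\x00' + b'\x00' * 16)                   # dummy BIT STRING
    return _tlv(0x30, tbs + alg + sig)


SAMPLE_CHAIN = [  # constructed: leaf and intermediate use SHA-1, root uses MD2
    ('leaf', make_skeleton_cert('1.2.840.113549.1.1.5')),
    ('intermediate', make_skeleton_cert('1.2.840.113549.1.1.5')),
    ('md2-signed root', make_skeleton_cert('1.2.840.113549.1.1.2')),
]

if __name__ == '__main__':
    for label, alg, weak in audit_chain(SAMPLE_CHAIN):
        print(f'{label:16} {alg:24} {"WEAK" if weak else "ok"}')
```

Running the block reports the md2-signed root as weak and the other two as ok. On real data, feed `audit_chain` the DER of each certificate presented by the server (for example what `openssl s_client` or GnuTLS shows) to find chains that will fail once MD2 is unavailable; whether a self-signed root's own signature is checked at all depends on the verifier, but a chain whose intermediate is MD2-signed breaks either way.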