md2 support?

Martijn Koster m.koster at greenhills.co.uk
Mon Dec 6 12:09:31 CET 2004


Hi all,

I ran into various certificate chains that gnutls cannot verify because
they use a Verisign CA certificate with an md2 hash, which is not
supported in gnutls, because there is no md2 support in libgcrypt.

This was previously reported by Luca Centamore, archived in
http://lists.gnupg.org/pipermail/gpa-dev/2003-October.txt.
Werner Koch explained md2 support was removed because rfc1319 lists it
as licensed for PEM only, and because the algorithm is ancient and
useless.

I recalled hearing that RSA had later extended that license to "any
purpose", and after some searching I found this documented at
http://www.ietf.org/ietf/IPR/RSA-MD-all. Does this address Werner's
licensing concerns?

Now I know the use of MD2 is no longer recommended because of
weaknesses. But it seems wrong to restrict the ability to communicate
with SSL servers using those certificates solely because we know the
checksum algorithm is weak. For comparison, Mozilla's NSS does support
these certificates. Personally I would obtain certificates that wouldn't
have these issues, but obviously these certificates issued to third
parties are not something I can control.

I would therefore ask you to please reconsider adding md2-support back.

Regards,

-- Martijn
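The check a practitioner wants in the situation the message describes, added here as an example (it is not GnuTLS, libgcrypt or the poster's code): a dependency-free scan that walks each certificate's DER to report its signature algorithm, so the MD2-signed certificate in a chain can be located even when the TLS library refuses to load or verify it. The two sample chains are constructed by the script itself (structurally valid certificates with dummy signature values, empty key fields and invented names), and the policy function encodes the point that matters for this thread: RFC 5280 path validation takes the trust anchor as given and never verifies its self-signature, so an MD2 self-signature on a root that sits in the trust store does not weaken the chain, whereas an MD2 signature on an intermediate or end-entity certificate does.

```python
"""Find MD2/MD5-signed certificates in a PEM chain by walking the DER directly.
Added example for this thread, not GnuTLS/libgcrypt/poster code; the sample
chains below are constructed here, with dummy signatures and empty key fields."""
import base64
import re

RSA_SIG_OIDS = {  # PKCS #1 signature OIDs -> (name, hash)
    "1.2.840.113549.1.1.2": ("md2WithRSAEncryption", "MD2"),
    "1.2.840.113549.1.1.4": ("md5WithRSAEncryption", "MD5"),
    "1.2.840.113549.1.1.5": ("sha1WithRSAEncryption", "SHA-1"),
}
WEAK_HASHES = {"MD2", "MD5"}
PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)

def der_read(buf, pos=0):
    """One TLV at pos -> (tag, contents, next_pos); handles short and long-form lengths."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def der_children(contents):
    """Children of a constructed element as (tag, contents) pairs."""
    out, pos = [], 0
    while pos < len(contents):
        tag, val, pos = der_read(contents, pos)
        out.append((tag, val))
    return out

def decode_oid(body):
    arcs, n = [body[0] // 40, body[0] % 40], 0
    for b in body[1:]:  # base-128 arcs, high bit = continuation
        n = (n << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(n)
            n = 0
    return ".".join(map(str, arcs))

def describe_cert(der_bytes):
    tbs, sig_alg = der_children(der_read(der_bytes)[1])[:2]
    fields = der_children(tbs[1])
    if fields[0][0] == 0xA0:  # optional [0] EXPLICIT version
        fields = fields[1:]
    issuer, subject = fields[2], fields[4]  # serial, signature, issuer, validity, subject, ...
    oid = decode_oid(der_children(sig_alg[1])[0][1])
    name, hash_name = RSA_SIG_OIDS.get(oid, (oid, "unknown"))
    return {"sig_alg": name, "hash": hash_name, "weak": hash_name in WEAK_HASHES,
            "self_signed": issuer[1] == subject[1]}  # byte-equal Names

def scan_chain(pem_text):
    return [describe_cert(base64.b64decode(m.group(1))) for m in PEM_RE.finditer(pem_text)]

def chain_verdict(results):
    """A weak hash matters only where the signature conveys trust. A self-signed root is
    trusted by being in the store; RFC 5280 path validation never checks its self-signature."""
    return [f"cert {i}: {r['sig_alg']} on a non-root certificate"
            for i, r in enumerate(results) if r["weak"] and not r["self_signed"]]

# ---- constructed sample data: a tiny DER writer and structurally valid dummy certs
def tlv(tag, content):
    n = len(content)
    if n < 0x80:
        return bytes([tag, n]) + content
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + content
def encode_oid(dotted):
    arcs = [int(a) for a in dotted.split(".")]
    body = bytes([arcs[0] * 40 + arcs[1]])
    for a in arcs[2:]:
        chunk = [a & 0x7F]
        a >>= 7
        while a:
            chunk.insert(0, 0x80 | (a & 0x7F))
            a >>= 7
        body += bytes(chunk)
    return tlv(0x06, body)
def x500_name(cn):  # SEQUENCE { SET { SEQUENCE { commonName OID, UTF8String } } }
    return tlv(0x30, tlv(0x31, tlv(0x30, encode_oid("2.5.4.3") + tlv(0x0C, cn.encode()))))
def fake_cert(subject, issuer, sig_oid):
    alg = tlv(0x30, encode_oid(sig_oid) + tlv(0x05, b""))
    validity = tlv(0x30, tlv(0x17, b"041206000000Z") + tlv(0x17, b"051206000000Z"))
    tbs = tlv(0x30, tlv(0xA0, tlv(0x02, b"\x02")) + tlv(0x02, b"\x01") + alg
              + x500_name(issuer) + validity + x500_name(subject) + tlv(0x30, b""))
    return tlv(0x30, tbs + alg + tlv(0x03, b"\x00" * 9))  # dummy signatureValue
def to_pem(der_bytes):
    return "-----BEGIN CERTIFICATE-----\n%s\n-----END CERTIFICATE-----\n" % base64.b64encode(der_bytes).decode()

MD2, SHA1 = "1.2.840.113549.1.1.2", "1.2.840.113549.1.1.5"
# Root self-signed with MD2, everything below it SHA-1: the situation in the message.
CHAIN_ROOT_MD2 = "".join(to_pem(c) for c in (
    fake_cert("www.example.test", "Example Intermediate CA", SHA1),
    fake_cert("Example Intermediate CA", "Example Root CA", SHA1),
    fake_cert("Example Root CA", "Example Root CA", MD2)))
# Same chain, but the root signed the intermediate with MD2 as well.
CHAIN_INTERMEDIATE_MD2 = "".join(to_pem(c) for c in (
    fake_cert("www.example.test", "Example Intermediate CA", SHA1),
    fake_cert("Example Intermediate CA", "Example Root CA", MD2),
    fake_cert("Example Root CA", "Example Root CA", MD2)))
```

`chain_verdict(scan_chain(CHAIN_ROOT_MD2))` comes back empty and `chain_verdict(scan_chain(CHAIN_INTERMEDIATE_MD2))` names certificate 1. The script classifies, it does not verify: a real verifier still has to check every non-root signature, confirm the self-signed certificate is actually in the trust store, and refuse MD2 wherever a signature is what establishes trust.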
