[PATCH] MD2 for libgcrypt

Daniel Kahn Gillmor dkg at fifthhorseman.net
Mon Jul 19 21:11:23 CEST 2010

On 07/19/2010 02:15 PM, Stephan Mueller wrote:
> Both, there is the root cert (and I concur with your assessment), but there 
> are also intermediate certs with MD2 too.

intermediate certs using MD2 should themselves be considered broken, as
certifications from root CAs over MD2 are susceptible to a preimage attack:


It would be a bad thing to accept intermediate certificates over the
network that were certified with MD2.

If you're talking about shipping certs of known intermediate authorities
as part of a package of trusted authorities, then those are actually
equivalent to root authorities, not intermediate authorities (even if
their own certs are not self-signed).

> Well, Werner already told me that he is not integrating the patches. However, 
> as the patches only enable the signature verification of an already existing 
> signature, I cannot fully understand the decision.

Are the patches rejected due to poor implementation?  due to licensing
reasons?  or due to a desire to not ship the MD2 functionality in
libgcrypt?  or due to some other reason?

sorry for having to ask, but i never saw a response on the list, so i'm
in the dark.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 892 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20100719/9f9ab32a/attachment.pgp>

More information about the Gcrypt-devel mailing list