[PATCH] MD2 for libgcrypt

Daniel Kahn Gillmor dkg at fifthhorseman.net
Tue Jul 20 17:15:15 CEST 2010

On 07/20/2010 03:11 AM, Werner Koch wrote:
> For one the legal state of the algorithm is not clear: It is likely that
> it has been taken from the RFC which has a non-commercial clause.  In
> this regard it is similar to arcfour.  The GNU project is very
> cautiousness on these issues and thus we would need to clear the legal
> state first (meaning long dicussions with RSA Inc).  I don't think this
> is justified.  And of course we need a copyright assignment and code
> which is clearly not based on rfc 1319.

Maybe the docs could indicate this somehow?  currently the manual [0]
only says:

    This is an reserved identifier for MD-2; there is no implementation
yet. This algorithm has severe weaknesses and should not be used.

an additional concise note about the specific legal encumbrances you're
worried about might save other implementors time in the future (and
might lead to a resolution of those legal concerns).

> The other reasons is that I don't want to keep those old certificates
> alive.

I agree with you here.  but that's not an argument for not including MD2
in libgcrypt.  libgcrypt provides cryptographic primitives, not X.509
business.  the more crypto primitives it can offer, the more attractive
it is as a library.

> A counterpoint would be that the whole X.509 PKI business is entirely
> broken and does not provide any security at all.

agreed, sadly.



-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 892 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20100720/aefca613/attachment.pgp>

More information about the Gcrypt-devel mailing list