[PATCH] MD2 for libgcrypt
smueller at chronox.de
Tue Jul 20 18:40:53 CEST 2010
Am Dienstag 20 Juli 2010, um 17:54:49 schrieb Jeff Johnson:
> On Jul 20, 2010, at 11:15 AM, Daniel Kahn Gillmor wrote:
> > On 07/20/2010 03:11 AM, Werner Koch wrote:
> >> For one the legal state of the algorithm is not clear: It is likely that
> >> it has been taken from the RFC which has a non-commercial clause. In
> >> this regard it is similar to arcfour. The GNU project is very
> >> cautiousness on these issues and thus we would need to clear the legal
> >> state first (meaning long dicussions with RSA Inc). I don't think this
> >> is justified. And of course we need a copyright assignment and code
> >> which is clearly not based on rfc 1319.
> > Maybe the docs could indicate this somehow? currently the manual 
> > only says:
> > GCRY_MD_MD2
> > This is an reserved identifier for MD-2; there is no implementation
> > yet. This algorithm has severe weaknesses and should not be used.
> > an additional concise note about the specific legal encumbrances you're
> > worried about might save other implementors time in the future (and
> > might lead to a resolution of those legal concerns).
> Documenting doesn't resolve the issue. As already reported, RFE for
> MD2 -> libgcrypt comes along regular as clockwork every few years
> with sound reasons supporting every possible POV.
Only this time, we have a working implementation :-)
| Cui bono? |
More information about the Gcrypt-devel