[PATCH] MD2 for libgcrypt
Werner Koch
wk at gnupg.org
Sat Jul 24 09:05:01 CEST 2010
Stephan Mueller <smueller at chronox.de> writes:
> Yes, agreed from my side as well. But what can you do if customers force you
> to use it, even with MD2?
An option might be to add flag to trustlist.txt, similar to "relax",
which suppresses validation of the root certificate.
I agree that validation of the root certifciate is not necessary because
we check the fingerprint anyway. However that extra check revealed some
probelms in the past and thus I don't want to drop it completely. I
can't remeber but there might have been a specification which required
this validation.
This won't help Daniel's request for adding a MD2 to use libgcrypt as a
crypto bench.
Shalom-Salam,
Werner
--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
More information about the Gcrypt-devel
mailing list