Date: Fri, 20 Dec 2013 16:46:42 -0500 From: "Mikhail T." <mi+thun@aldan.algebra.com> To: olli hauer <ohauer@gmx.de>, Current FreeBSD <freebsd-current@freebsd.org> Subject: Re: md2 on current and 10. Message-ID: <52B4BAC2.3050001@aldan.algebra.com> In-Reply-To: <52B483D7.7080302@gmx.de> References: <52B392D9.4030507@aldan.algebra.com> <52B483D7.7080302@gmx.de>
next in thread | previous in thread | raw e-mail | index | archive | help
Thinking more about the MD2, I'd say, FreeBSD should not have removed the algorithm. Although no longer deemed sufficiently secure, it is still in use and people using it on FreeBSD-8.x and 9.x today may wish to continue doing so after upgrading to 10.x In the old "Mechanism vs. Policy" debate <http://en.wikipedia.org/wiki/Separation_of_mechanism_and_policy>; we erred on the side of policy and it does not seem right... Whether or not to use MD2 is (or should be) left up to the users of FreeBSD. Even if OpenSSL no longer provides it, libmd should continue to. In other words, /if you like your digest algorithm, you can keep it/. Yours, -mi
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?52B4BAC2.3050001>