From owner-freebsd-current@FreeBSD.ORG  Fri Dec 20 21:46:44 2013
Return-Path: <owner-freebsd-current@FreeBSD.ORG>
Delivered-To: freebsd-current@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115])
 (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id D8C325D8
 for <freebsd-current@freebsd.org>; Fri, 20 Dec 2013 21:46:44 +0000 (UTC)
Received: from smtp.rcn.com (smtp.rcn.com [69.168.97.78])
 by mx1.freebsd.org (Postfix) with ESMTP id 891351DFF
 for <freebsd-current@freebsd.org>; Fri, 20 Dec 2013 21:46:44 +0000 (UTC)
X_CMAE_Category: 0,0 Undefined,Undefined
X-CNFS-Analysis: v=2.1 cv=PquqMW83 c=1 sm=0 tr=0
 a=fEl05wXzeJCkBz9gs2itqQ==:117 a=N1DYviGaBlcA:10 a=b15YM1rgWm8A:10
 a=YNqtyO0l_hcA:10 a=LaogzpLLAAAA:8 a=7oF49_t5QHsA:10 a=r77TgQKjGQsHNAKrUKIA:9
 a=9iDbn-4jx3cA:10 a=cKsnjEOsciEA:10 a=8pif782wAAAA:8 a=tJ81LiTSaCETfcjkJrYA:9
 a=wPNLvfGTeEIA:10 a=Gg2pUZlc82PAtX1nMR4A:9 a=_W_S_7VecoQA:10
X-CM-Score: 0
X-Scanned-by: Cloudmark Authority Engine
Authentication-Results: smtp02.rcn.cmh.synacor.com
 smtp.mail=mi+thun@aldan.algebra.com; spf=neutral; sender-id=neutral
Authentication-Results: smtp02.rcn.cmh.synacor.com
 header.from=mi+thun@aldan.algebra.com; sender-id=neutral
Authentication-Results: smtp02.rcn.cmh.synacor.com smtp.user=anat;
 auth=pass (PLAIN)
Received-SPF: neutral (smtp02.rcn.cmh.synacor.com: 209.6.63.29 is neither
 permitted nor denied by domain of aldan.algebra.com)
Received: from [209.6.63.29] ([209.6.63.29:27363] helo=utka.zajac)
 by smtp.rcn.com (envelope-from <mi+thun@aldan.algebra.com>)
 (ecelerity 2.2.3.49 r(42060/42061)) with ESMTPA
 id 70/63-12147-3CAB4B25; Fri, 20 Dec 2013 16:46:43 -0500
Message-ID: <52B4BAC2.3050001@aldan.algebra.com>
Date: Fri, 20 Dec 2013 16:46:42 -0500
From: "Mikhail T." <mi+thun@aldan.algebra.com>
User-Agent: Mozilla/5.0 (X11; FreeBSD i386;
 rv:24.0) Gecko/20100101 Thunderbird/24.0
MIME-Version: 1.0
To: olli hauer <ohauer@gmx.de>, Current FreeBSD <freebsd-current@freebsd.org>
Subject: Re: md2 on current and 10.
References: <52B392D9.4030507@aldan.algebra.com> <52B483D7.7080302@gmx.de>
In-Reply-To: <52B483D7.7080302@gmx.de>
X-Mailman-Approved-At: Fri, 20 Dec 2013 21:57:47 +0000
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
X-Content-Filtered-By: Mailman/MimeDel 2.1.17
X-BeenThere: freebsd-current@freebsd.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Discussions about the use of FreeBSD-current
 <freebsd-current.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-current>, 
 <mailto:freebsd-current-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-current/>
List-Post: <mailto:freebsd-current@freebsd.org>
List-Help: <mailto:freebsd-current-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-current>,
 <mailto:freebsd-current-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 20 Dec 2013 21:46:44 -0000

Thinking more about the MD2, I'd say, FreeBSD should not have removed the algorithm.

Although no longer deemed sufficiently secure, it is still in use and people
using it on FreeBSD-8.x and 9.x today may wish to continue doing so after
upgrading to 10.x

In the old "Mechanism vs. Policy" debate
<http://en.wikipedia.org/wiki/Separation_of_mechanism_and_policy> we erred on
the side of policy and it does not seem right... Whether or not to use MD2 is
(or should be) left up to the users of FreeBSD. Even if OpenSSL no longer
provides it, libmd should continue to.

In other words, /if you like your digest algorithm, you can keep it/. Yours,

    -mi