From owner-freebsd-current@FreeBSD.ORG Thu Jan 9 01:05:53 2014
Message-ID: <52CDF5EF.407@wemm.org>
Date: Wed, 08 Jan 2014 17:05:51 -0800
From: Peter Wemm
To: Mikhail T
Cc: olli hauer, Current FreeBSD
Subject: Re: md2 on current and 10.
In-Reply-To: <52CD6808.1080307@aldan.algebra.com>
List-Id: Discussions about the use of FreeBSD-current

On 1/8/14, 7:00 AM, Mikhail T wrote:
> On 08.01.2014 02:54, Peter Wemm wrote:
>>> > Could we, please, have MD2 resurrected before 10.0 is officially out?
>>> > Preferably in both -lmd and -lcrypto, but certainly in the former. Thank
>>> > you! Yours,
>> The time to bring this up was before the freeze for 10.0, a good 6+
>> months ago. It is way too late now.
> First of all, Peter, are you talking as a core-member, or expressing
> personal opinion? In any case, I'd say it is not entirely fair to blame me
> for reporting a problem "late" -- without any apologies about causing it in
> the first place...
>
> But is it really "too late" to add such a small piece back to where it was?
> I'm not talking about resurrecting uucp here...
> Meanwhile, any existing MD2-using application will simply break after
> upgrade -- does that not bother anyone? If the code was removed after 19
> years in the tree, is 6 months really "too late" to resurrect it?

Personal unless stated otherwise.

By "too late" I mean the cutoff has already passed for the final RC and
there won't be more unless there's an absolute emergency.

As for timeliness of the request, here's the original commit:

------------------------------------------------------------------------
r234746 | obrien | 2012-04-27 19:48:51 -0700 (Fri, 27 Apr 2012) | 10 lines

Remove the RFC 1319 MD2 Message-Digest Algorithm routines from libmd.

1. The licensing terms for the MD2 routines from RFC is not under a BSD-like
   license. Instead it is only granted for non-commercial Internet
   Privacy-Enhanced Mail.
2. MD2 is quite deprecated as it is no longer considered a cryptographically
   strong algorithm.

Discussed with: so (cperciva), core
------------------------------------------------------------------------

The original feature cutoff schedules were:
head/ slush:  August 24, 2013
head/ freeze: September 7, 2013

10.0 is already late. The original plan would have had 10.0 released in
November. That's before the first email in this thread - December.

You can always ask the release engineers for an exception, but given that
the release is already overdue I'd bet money you won't get a positive
reception to a request to delay for md2.

You could ask obrien to revert his commit for head but I'd bet you won't get
a positive response there.

>> However.. the code in libmd had had a non-commercial use restriction..
>> Even if it wasn't too late, that code won't be back.
> That restriction was not (enough of) a problem for 20 years (since 1994) --
> and still is not in 9.x and 8.x. But, Ok...
>> Your best bet is to create a crypto/libmd2 port. Start with the code
>> from openssl.
> Adding such a port increases the number of hoops for any user to jump
> through -- and the maintenance costs. Whereas the cost of simply adjusting
> the base OpenSSL's configuration to include MD2 functionality is virtually
> zero -- a single additional file will be back (md2.h), and no new
> libraries...

The path of least resistance is to make a libmd2 port. It's the only way I
can see you getting to use it on 10.0.

--
Peter Wemm - peter@wemm.org; peter@FreeBSD.org; peter@yahoo-inc.com; KI6FJV
UTF-8: for when a ' just won\342\200\231t do.