From: Ulrich Spörlein
Date: Fri, 27 Dec 2013 16:50:16 +0100
To: "Mikhail T."
Cc: olli hauer, Current FreeBSD
Subject: Re: md2 on current and 10.
Message-ID: <20131227155016.GG42663@acme.spoerlein.net>
In-Reply-To: <52B4BAC2.3050001@aldan.algebra.com>

On Fri, 2013-12-20 at 16:46:42 -0500, Mikhail T. wrote:
> Thinking more about the MD2, I'd say, FreeBSD should not have removed the algorithm.
>
> Although no longer deemed sufficiently secure, it is still in use and people
> using it on FreeBSD-8.x and 9.x today may wish to continue doing so after
> upgrading to 10.x
>
> In the old "Mechanism vs. Policy" debate we erred on
> the side of policy and it does not seem right... Whether or not to use MD2 is
> (or should be) left up to the users of FreeBSD. Even if OpenSSL no longer
> provides it, libmd should continue to.
>
> In other words, /if you like your digest algorithm, you can keep it/.
> Yours,

Seconded. What should people use if some of their old data is using MD2
for verification? How can they now easily check that their data (from
tape or whatever) still matches the fingerprint?

Cheers,
Uli