Comment 46 for bug 312536

In , Wan-Teh Chang (wtc-google) wrote:

Why don't we implement the "secure by default" principle
and just ban MD2 and MD4? CERT_VerifyCert would fail with
the SEC_ERROR_WEAK_CRYPTO error if any cert in the cert
chain (except the root CA cert) is signed with RSA-MD2
or RSA-MD4. Then apps, when upgrading to the new NSS,
will automatically get verification failures on those
certs. The apps that still want to support RSA-MD2 and
RSA-MD4 can choose to stick with NSS 3.12.2 or add
code to handle the SEC_ERROR_WEAK_CRYPTO error.

If all apps need to both upgrade to the new NSS and
add calls to NSS_SetAlgorithmPolicy to get the secure
behavior, that'll be a big hassle and that's even
more boilerplate code one needs to write to use NSS.
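The secure-by-default chain check proposed above, as an added stand-alone model written for this page (not NSS's own code): MD2 and MD4 start out disallowed for certificate signatures, the root CA's own signature is exempt, and an application that still needs them opts back in through a call modelled on NSS_SetAlgorithmPolicy. The policy bit and error value are constructed here so the file builds without NSS headers.

```c
/* Model of the proposed policy. Names mirror NSS's NSS_SetAlgorithmPolicy,
 * NSS_USE_ALG_IN_CERT_SIGNATURE and SEC_ERROR_WEAK_CRYPTO, but the values and
 * the code are constructed for this example and are not NSS's implementation. */
#include <stddef.h>

enum sig_alg { ALG_RSA_MD2, ALG_RSA_MD4, ALG_RSA_MD5, ALG_RSA_SHA1, ALG_RSA_SHA256, ALG_COUNT };

#define USE_ALG_IN_CERT_SIGNATURE 0x1u   /* policy bit (constructed value) */
#define SEC_SUCCESS 0
#define SEC_ERROR_WEAK_CRYPTO (-1)       /* constructed value, not NSS's real code */

/* Per-algorithm policy bits. Secure by default: MD2 and MD4 begin with the
 * certificate-signature bit cleared; the other algorithms are allowed. */
static unsigned policy[ALG_COUNT] = {
    [ALG_RSA_MD2]    = 0,
    [ALG_RSA_MD4]    = 0,
    [ALG_RSA_MD5]    = USE_ALG_IN_CERT_SIGNATURE,
    [ALG_RSA_SHA1]   = USE_ALG_IN_CERT_SIGNATURE,
    [ALG_RSA_SHA256] = USE_ALG_IN_CERT_SIGNATURE,
};

/* Mirrors the set/clear semantics of NSS_SetAlgorithmPolicy(tag, setBits, clearBits):
 * an app that must keep RSA-MD2 working calls this to opt back in. */
void set_algorithm_policy(enum sig_alg alg, unsigned set_bits, unsigned clear_bits) {
    policy[alg] = (policy[alg] | set_bits) & ~clear_bits;
}

struct cert { const char *subject; enum sig_alg sig_alg; };

/* chain[0] is the end-entity cert, chain[n-1] the root CA. The root is a trust
 * anchor, so its own (self-)signature algorithm is not checked; every other
 * cert must be signed with an algorithm whose policy bit is set. On failure,
 * *bad_index names the offending cert so the caller can report it. */
int verify_chain(const struct cert *chain, size_t n, size_t *bad_index) {
    for (size_t i = 0; i + 1 < n; i++) {
        if (!(policy[chain[i].sig_alg] & USE_ALG_IN_CERT_SIGNATURE)) {
            if (bad_index) *bad_index = i;
            return SEC_ERROR_WEAK_CRYPTO;
        }
    }
    return SEC_SUCCESS;
}
```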