Since we're trying to make FreeIPA work in FIPS we got to the point
where we need to do something with MD5 fingerprints in the cert plugin.
Eventually we came to a realization that it'd be best to get rid of them
as a whole. These are counted by the framework and are not stored
anywhere. Note that alongside with these fingerprints SHA1 fingerprints
are also counted and those are there to stay.
The question for this ML is, then - is it OK to remove these or would
you rather have them replaced with SHA-256 alongside the SHA-1? MD5 is a
grandpa and I think it should go.
Manage your subscription for the Freeipa-devel mailing list:
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code