Daniel Stenberg <[EMAIL PROTECTED]> writes: > Besides, there is no --insecure option to the library libcurl (the > command line option modifies two options in the library) and even if I > certainly could introduce an option for this purpose, I'd hesitate to > do so. Mostly because: > > A) libcurl users will want to be able to use publicly available CA certs such > as the Debian one and thus they will want to have MD2/MD5 enabled in a > very large extent (my assumption) > > B) OpenSSL supports MD2/MD5 out of the box and when people switch > libcurl-openssl to libcurl-gnutls they want them to provide the same > feature set, as closely as possible. > > C) OpenSSL doesn't have an option to disable these algorithms, AFAIK. > My (new) ambition in libcurl is to provide an SSL-layer agnostic API that > should make apps able to use libcurl identically and with the same > functionality independent of what SSL-layer it has been built to use. > > There are many (I don't know the exact number) packages in Debian that > depend on libcurl-openssl and judging from public statements, Debian > aims to move them all over to libcurl-gnutls. > > I know all this are headaches of the libcurl project and not really > concerning the GnuTLS project. I'm mainly filling in some info here to > give you guys a background on why I ask all these questions and > stuff. I'll shutup about this now on this list.
I suspect all GnuTLS applications have similar concerns, so I believe it is useful to have the discussion here. Given the recent changes in CVS, I don't think there will be much problems. RSA-MD2 is supported, so the initial problem with www2.net.hsbc.com should be fixed. The only modification that may have negative interoperability impact is if there are intermediary CAs that use RSA-MD2/MD5. In the www2.net.hsbc.com example, the chain was RSA-MD2 -> RSA-SHA1 -> RSA-SHA1 so it would verify correctly. If the chain was ?->RSA-MD?->? there would be a problem, such a chain would not verify in the new version. In the old version, ?->RSA-MD5->? would verify correctly, but ?->RSA-MD2->? would not (because RSA-MD2 wasn't supported). I'm not sure how many real-world chains look like ?->RSA-MD5->?. Sampling that would be interesting. If I understand correctly, all the information needed to produce colliding RSA-MD5 X.509 certificates are publicly available. It supposedly only takes hours to do create these certificates. I don't think users should be tricked into feeling secure if RSA-MD5 is used within a chain. In any case, the hook to re-enable RSA-MD2 and RSA-MD5 are present, so I think GnuTLS can meet everybody's needs. Thanks, Simon _______________________________________________ Help-gnutls mailing list [email protected] http://lists.gnu.org/mailman/listinfo/help-gnutls
