Is it possible to deprecate the signing part of the mechanism while requiring
the verification part?
There's a whole pile of MD5withRSA and MD2withRSA root certificates.
Obviously, you don't want to support further signatures, but it would be useful
if you can still verify.
Or too much work?
On 12/16/10 1:26 PM, Sean Mullan wrote:
On 12/15/10 10:38 AM, Florian Weimer wrote:
Oh, and I just realized that MD5 and HmacMD5 are missing. These
algorithms are still heavily used (and HmacMD5 is not really broken,
it's only guilty by association).
Yes, MD5 is still in use, but I think it is
Ah yes there is that issue of course. I fully understand the reasoning
behind that. Too bad so many out there don't consider patent encumbering
when designing systems (such as ePassport as an example).
Cheers,
Tomas
On 12/16/2010 08:05 PM, Sean Mullan wrote:
> Right, but there are ECC patents th
