Why don't we implement the "secure by default" principle
and just ban MD2 and MD4? CERT_VerifyCert would fail with
the SEC_ERROR_WEAK_CRYPTO error if any cert in the cert
chain (except the root CA cert) is signed with RSA-MD2
or RSA-MD4? Then apps, when upgrading to the new NSS,
will automatically get verification failures on those
certs. The apps that still want to support RSA-MD2 and
RSA-MD4 can choose to stick with NSS 3.12.2 or add
code to handle the SEC_ERROR_WEAK_CRYPTO error.
If all apps need to both upgrade to the new NSS and
add calls to NSS_SetAlgorithmPolicy to get the secure
behavior, that'll be a big hassle and that's even
more boilerplate code one needs to write to use NSS.
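Added example (not code from the bug comment or from NSS): a stand-alone C model of the two designs being compared. It keeps a per-algorithm policy word with the same shape as NSS_SetAlgorithmPolicy(tag, setBits, clearBits) and its NSS_USE_ALG_IN_CERT_SIGNATURE bit, walks a chain from end entity to root, and rejects any non-root cert signed with MD2 or MD4 unless an application has explicitly opted back in. The type, function and constant names (SigAlg, set_algorithm_policy, ERR_WEAK_CRYPTO, the sample chains) are local to the example and the chains are constructed, not real certificates; in real NSS the call is NSS_SetAlgorithmPolicy(SEC_OID_MD2, 0, NSS_USE_ALG_IN_CERT_SIGNATURE) and the failure surfaces through PORT_GetError() after CERT_VerifyCert.

```c
#include <stddef.h>
#include <stdio.h>

/* Signature algorithms this model knows about. In NSS these are SECOidTag
 * values such as SEC_OID_MD2 and SEC_OID_MD4; the names here are local to
 * the example. */
typedef enum { ALG_MD2 = 0, ALG_MD4, ALG_MD5, ALG_SHA1, ALG_SHA256, ALG_COUNT } SigAlg;

/* Policy bit meaning "may be used to sign a certificate"; modeled on
 * NSS_USE_ALG_IN_CERT_SIGNATURE from NSS's secoidt.h. */
#define USE_ALG_IN_CERT_SIGNATURE 0x1u

/* Error codes for the model. NSS reports negative SEC_ERROR_* values via
 * PORT_GetError(); the comment proposes SEC_ERROR_WEAK_CRYPTO for this case. */
enum { ERR_OK = 0, ERR_WEAK_CRYPTO = -1 };

/* One policy word per algorithm, like the table NSS_SetAlgorithmPolicy edits. */
static unsigned policy[ALG_COUNT];

/* The "secure by default" initialisation the comment argues for: every
 * algorithm allowed in cert signatures except MD2 and MD4. */
void policy_init_secure_default(void)
{
    for (int i = 0; i < ALG_COUNT; i++)
        policy[i] = USE_ALG_IN_CERT_SIGNATURE;
    policy[ALG_MD2] = 0;
    policy[ALG_MD4] = 0;
}

/* Same shape as NSS_SetAlgorithmPolicy(tag, setBits, clearBits): bits in
 * setBits are turned on, bits in clearBits are turned off. */
void set_algorithm_policy(SigAlg tag, unsigned setBits, unsigned clearBits)
{
    policy[tag] = (policy[tag] | setBits) & ~clearBits;
}

/* A certificate reduced to what the check needs. */
typedef struct {
    const char *subject;
    SigAlg sig_alg;      /* algorithm the issuer used to sign this cert */
} Cert;

/* Walk the chain from the end entity (chain[0]) towards the root (chain[n-1]).
 * The root's own self-signature is never verified, so its algorithm is not
 * checked, matching "except the root CA cert" in the comment. On failure
 * *offender names the first cert whose signature algorithm is disabled. */
int verify_chain_sig_policy(const Cert *chain, size_t n, const char **offender)
{
    for (size_t i = 0; i + 1 < n; i++) {
        if (!(policy[chain[i].sig_alg] & USE_ALG_IN_CERT_SIGNATURE)) {
            if (offender)
                *offender = chain[i].subject;
            return ERR_WEAK_CRYPTO;
        }
    }
    if (offender)
        *offender = NULL;
    return ERR_OK;
}

/* Constructed sample chains for the example (not real certificates). */
static const Cert kChainMd2Intermediate[] = {
    { "CN=www.example.test", ALG_SHA1 },
    { "CN=Example Intermediate CA", ALG_MD2 },   /* weak signature mid-chain */
    { "CN=Example Root CA", ALG_SHA1 },
};
static const Cert kChainMd2Root[] = {
    { "CN=www.example.test", ALG_SHA256 },
    { "CN=Example Intermediate CA", ALG_SHA1 },
    { "CN=Old Root CA", ALG_MD2 },               /* self-signed with MD2: not checked */
};
#define CHAIN_LEN 3

int main(void)
{
    const char *who = NULL;

    policy_init_secure_default();
    /* Upgraded app with no extra code: the MD2-signed intermediate fails. */
    printf("default, MD2 intermediate: %d (%s)\n",
           verify_chain_sig_policy(kChainMd2Intermediate, CHAIN_LEN, &who),
           who ? who : "-");
    /* The root's own MD2 self-signature is ignored. */
    printf("default, MD2 root: %d\n",
           verify_chain_sig_policy(kChainMd2Root, CHAIN_LEN, NULL));
    /* An app that still wants RSA-MD2 opts back in explicitly. */
    set_algorithm_policy(ALG_MD2, USE_ALG_IN_CERT_SIGNATURE, 0);
    printf("after opt-in, MD2 intermediate: %d\n",
           verify_chain_sig_policy(kChainMd2Intermediate, CHAIN_LEN, NULL));
    return 0;
}
```

The point of the shape is the one the comment makes: with the table initialised to deny MD2/MD4, an application gets the rejection just by relinking against the new library, and only the few applications that truly need RSA-MD2 write the one extra policy call; with the table initialised to allow everything, every application has to write that call to be safe.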