Ian Pilcher wrote:
It sure feels like we're reaching the point where anyone who has
to work
with any sort of older equipment or servers is going to to forced to
switch their entire system to the LEGACY policy, which seems really
unfortunate.
Even worse is that even the LEGACY policy is getting stricter and stricter
(more or less silently, because it is documented only in passing as part of
the general crypto policy tightening, and the focus of the documentation is
on DEFAULT).
I think we need a REALLY_LEGACY that continues allowing MD5 and the like.
Kevin Kofler