MD2 to Historic Status
RFC 6149

Document Type RFC - Informational (March 2011; No errata)
Obsoletes RFC 1319
Was draft-turner-md2-to-historic (individual in sec area)
Authors Lily Chen  , Sean Turner 
Last updated 2020-07-29
Stream IETF
Formats plain text html pdf htmlized bibtex
Stream WG state (None)
Document shepherd No shepherd assigned
IESG IESG state RFC 6149 (Informational)
Consensus Boilerplate Unknown
Telechat date
Responsible AD Robert Sparks
Send notices to (None)
Internet Engineering Task Force (IETF)                         S. Turner
Request for Comments: 6149                                          IECA
Obsoletes: 1319                                                  L. Chen
Category: Informational                                             NIST
ISSN: 2070-1721                                               March 2011

                         MD2 to Historic Status


   This document retires MD2 and discusses the reasons for doing so.
   This document moves RFC 1319 to Historic status.

Status of This Memo

   This document is not an Internet Standards Track specification; it is
   published for informational purposes.

   This document is a product of the Internet Engineering Task Force
   (IETF).  It represents the consensus of the IETF community.  It has
   received public review and has been approved for publication by the
   Internet Engineering Steering Group (IESG).  Not all documents
   approved by the IESG are a candidate for any level of Internet
   Standard; see Section 2 of RFC 5741.

   Information about the current status of this document, any errata,
   and how to provide feedback on it may be obtained at

Copyright Notice

   Copyright (c) 2011 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   ( in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Turner & Chen                 Informational                     [Page 1]
RFC 6149                 MD2 to Historic Status               March 2011

1.  Introduction

   MD2 [MD2] is a message digest algorithm that takes as input a message
   of arbitrary length and produces as output a 128-bit "fingerprint" or
   "message digest" of the input.  This document retires MD2.
   Specifically, this document moves RFC 1319 [MD2] to Historic status.
   The reasons for taking this action are discussed.

   [HASH-Attack] summarizes the use of hashes in many protocols and
   discusses how attacks against a message digest algorithm's one-way
   and collision-free properties affect and do not affect Internet
   protocols.  Familiarity with [HASH-Attack] is assumed.

2.  Rationale

   MD2 was published in 1992 as an Informational RFC.  Since its
   publication, MD2 has been shown to not be collision-free [ROCH1995]
   [KNMA2005] [ROCH1997], albeit successful collision attacks for
   properly implemented MD2 are not that damaging.  Successful pre-image
   and second pre-image attacks against MD2 have been shown [KNMA2005]
   [MULL2004] [KMM2010].

3.  Documents that Reference RFC 1319

   Use of MD2 has been specified in the following RFCs:

   Proposed Standard (PS):

   o [RFC3279] Algorithms and Identifiers for the Internet X.509 Public
               Key Infrastructure Certificate and Certificate Revocation
               List (CRL) Profile.

   o [RFC4572] Connection-Oriented Media Transport over the Transport
               Layer Security (TLS) Protocol in the Session Description
               Protocol (SDP).


   o [RFC1983] Internet Users' Glossary.

   o [RFC2315] PKCS #7: Cryptographic Message Syntax Version 1.5.

   o [RFC2898] PKCS #5: Password-Based Cryptography Specification
               Version 2.0.

   o [RFC3447] Public-Key Cryptography Standards (PKCS) #1: RSA
               Cryptography Specifications Version 2.1.

Turner & Chen                 Informational                     [Page 2]
RFC 6149                 MD2 to Historic Status               March 2011


   o [RFC2660] The Secure HyperText Transfer Protocol.

   There are other RFCs that refer to MD2, but they have been either
   moved to Historic status or obsoleted by a later RFC.  References and
   discussions about these RFCs are omitted.  The exceptions are:

   o [RFC2313] PKCS #1: RSA Encryption Version 1.5.

   o [RFC2437] PKCS #1: RSA Cryptography Specifications Version 2.0.

4.  Impact on Moving MD2 to Historic

   The impact of moving MD2 to Historic on the RFCs specified in Section
   3 is minimal, as described below.

   Regarding PS RFCs:

   o MD2 support in TLS was dropped in TLS 1.1.

   o MD2 support is optional in [RFC4572], and SHA-1 is specified as the
     preferred algorithm.

   o MD2 is included in the original PKIX certificate profile and the
     PKIX algorithm document [RFC3279] for compatibility with older
     applications, but its use is discouraged.  SHA-1 is identified as
Show full document text