[Freeipa-devel] MD5 certificate fingerprints removal

Standa Laznicka slaznick at redhat.com
Tue Feb 21 11:59:40 UTC 2017


Hello,

Since we're trying to make FreeIPA work in FIPS we got to the point 
where we need to do something with MD5 fingerprints in the cert plugin. 
Eventually we came to a realization that it'd be best to get rid of them 
as a whole. These are counted by the framework and are not stored 
anywhere. Note that alongside these fingerprints, SHA1 fingerprints 
are also counted and those are there to stay.

The question for this ML is, then - is it OK to remove these or would 
you rather have them replaced with SHA-256 alongside the SHA-1? MD5 is a 
grandpa and I think it should go.

Standa



