Report information
The Basics
Id: 45932
Status: open
Priority: Low/Low
Queue: BugTracker
Version Fixed: (no value)
Version Found: (no value)
Versions Affected: (no value)
Versions Planned: (no value)
Priority: (no value)
Severity: (no value)
CVSS Score: (no value)
CVE ID: (no value)
Component: (no value)
Area: feature

Dates
Created: Wed, 06 Sep 2017 08:14:47 -0400
Updated: Wed, 06 Sep 2017 14:11:28 -0400
Closed: Not set



This bug tracker is no longer active.

Please go to our Gitlab to submit issues (both feature requests and bug reports) for active projects maintained by Internet Systems Consortium (ISC).

Due to security and confidentiality requirements, full access is limited to the primary maintainers.

To: bind9-public@isc.org
From: Francis_Dupont@isc.org
Date: Wed, 06 Sep 2017 12:14:47 +0000
Subject: Add PK11_SHA1_DISABLE
Do the same as for MD5 but for SHA-1, because SHA-1 is no longer collision-resistant and so not recommended for RSA. Note that even if HMAC does not rely on this property (so for instance HMAC-MD5 is a priori safe), this argument is not enough to make new implementations not support MD5. There is no reason the same will not happen with SHA-1; it just should take time (i.e. some years).