On Tue Oct 24 18:17:03 2017, muks wrote:
> I don't know why NSEC3 came up in this thread.

=> because the same mechanism which banned MD5
targets now SHA-1 (e.g. SHA-1 is already not recommended
in RSA signatures) and NSEC3 does not work without SHA-1.