Content-Disposition: inline
Content-Transfer-Encoding: binary
MIME-Version: 1.0
To: bind9-public@isc.org
From: Francis_Dupont@isc.org
Date: Wed, 06 Sep 2017 12:14:47 +0000
Message-ID: <rt-4.4.1-1600-1504700087-1006.0-0-0@isc.org>
X-RT-Interface: Web
Content-Type: text/plain; charset="utf-8"
Subject: Add PK11_SHA1_DISABLE
X-Mailer: MIME-tools 5.508 (Entity 5.508)
X-RT-Original-Encoding: utf-8
Content-Length: 375

Do the same than for MD5 but for SHA-1 because SHA-1 is no longer collision-resistant so not recommended for RSA. Note even HMAC does not rely on this property so for instance HMAC-MD5 is a priori safe this argument is not enough to make new implementations not support MD5. There is no reason the same will not happen with SHA-1, it just should take time (i.e. some years).