Content-Transfer-Encoding: binary
X-RT-Interface: Web
References: <RT-Ticket-42272@isc.org>
 <rt-4.2.8-34950-1461887060-145.42272-4-0@isc.org>
 <rt-4.4.1-85494-1508735280-1768.42272-4-0@isc.org>
 <20171023082855.GA27755@jurassic.lan.banu.com>
 <20171023172117.GA92445@isc.org>
 <rt-4.4.1-85494-1508779281-1715.42272-7-0@isc.org>
 <rt-4.4.1-85494-1508781862-1346.42272-7-0@isc.org>
 <rt-4.4.1-21225-1508791024-449.42272-7-0@isc.org>
 <20171024181651.GA14468@jurassic.lan.banu.com>
 <rt-4.4.1-31452-1508869023-424.42272-0-0@isc.org>
X-RT-Original-Encoding: utf-8
Content-Disposition: inline
MIME-Version: 1.0
Message-ID: <rt-4.4.1-82815-1508881271-1345.42272-0-0@isc.org>
X-Mailer: MIME-tools 5.508 (Entity 5.508)
In-Reply-To: <rt-4.4.1-31452-1508869023-424.42272-0-0@isc.org>
Content-Type: text/plain; charset="utf-8"
RT-Send-CC:
Content-Length: 253

On Tue Oct 24 18:17:03 2017, muks wrote:
> I don't know why NSEC3 came up in this thread.

=> because the same mechanism which banned MD5
targets now SHA-1 (e.g. SHA-1 is already not recommended
in RSA signatures) and NSEC3 does not work without SHA-1.