Jinmei, On Tue, 2010-03-16 at 01:28 -0700, JINMEI wrote: > We cannot ship the current sha1 implementation as we previously > discussed. We need to import BIND9 code or other safe code, or skip > nsec3 this time. Just out of curiosity, why is this unsafe? It doesn't look like the BIND 10 code should be that difficult to convert... except of course we need OpenSSL. -- Shane