On Wed, 18 Dec 2024 21:33:29 GMT, Sean Mullan <mul...@openjdk.org> wrote:

>> We included SHA1 because there could be a legacy use case to support and
>> it's part of the test vectors for RFC 5869 (HMAC-based Extract-and-Expand
>> Key Derivation Function (HKDF)). We don't recommend using it, and will
>> probably filter it out once we have the Filter integrated, but would you be
>> okay with keeping it?
>
> Do you have any data on how many legacy use cases use it? I think for new
> mechanisms we should be forward looking and refrain from adding support for
> weak or not recommended algorithms unless there is a very good reason. It is
> often harder to remove something than to add it.

Yes, I see your point. We don't have data to back it up. If someone comes up with a strong case, we can reconsider it in the future. We removed it.

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/22215#discussion_r1890947033