Regarding SHA with DSA, there is also the issue of hash sizes.
DSA, for keys in the range 512-1024 bits (which are the only ones for
which it is defined currently) has 160 bits to hold the hash value.
SHA-1 produces a 160 bit hash, so that is a good match.
DSA is carefully balanced so that the difficulties of breaking the
discrete log in either of the two known ways are approximately equal,
and also are approximately equal to the difficulty of finding a signature
collision. All involve a work factor of about 2^80.
If you wanted to use DSA with a hash of < 160 bits, you don't actually get
the cryptographic strength which the DSA algorithm is designed to provide.
Your hash becomes the weakest link.
Other 160 bit hashes than SHA-1, like RIPEMD-160, should be suitable for
use with DSA as far as cryptographic strength is concerned. The question
of whether to allow non-SHA hashes with DSA is, as Jon says, more political
than technical, as long as you keep to consistent sizes.
Hal Finney
hal(_at_)pgp(_dot_)com