I confess I am wondering why this is needed. Five years ago, we flirted with
Tiger and Haval because you need wider hashes for better signatures. 192
bits is a bit dodgy because it only gets you an effective strength of 96
bits (over 80 bits for SHA-1). Today, we have all the wide SHAs in the
suite, which balance with symmetric ciphers up to 256 bits of key size.
Adding in TIGER/192 now seems like too little, too late. In 1998, this would
have been great. In 2002 (pushing 2003), it's at best a yawn.
In short, here's a pragmatic question I have: if I were making a signature
today, and I thought that SHA-1 weren't big enough, why would I want to use
TIGER/192 over SHA-{256|384|512}?
Without a good answer to that question, I don't see why it should be there.
I'm even slightly sympathetic to people who think it and HAVAL should be
removed. They've both been overtaken by events.
Jon