I think we ought to keep it with the same algorithm number.
I'm happy to put in SHA-224 (meaning it's trivial work), but I don't
like it, myself. The reason is that SHA-224 is really a truncated
SHA-256. Thus, it has no advantages over SHA-256 except being smaller
by 32-bits with 112 bits of security. The reason it exists at all is
for crypto-balance with 2-key 3DES (which is not TDEA), which we
don't allow at all. I don't think we should have it as it goes
against our principles of wanting a minimum of 128-bits of security
in OpenPGP. (Yes, yes, I know that SHA-1 doesn't meet this either,
but until SHA-256, we didn't have many options. That doesn't mean the
principle is wrong; we *have* options.)
Jon