NIST is planning to phase out SHA-1 by 2010, they are going with SHA-224,
SHA-256, SHA-384 and SHA-512.
http://csrc.nist.gov/hash_standards_comments.pdf
In Canada, CSE will phase out SHA-1 for protected C information by 2008.
I don't know what is going on in Europe and the rest of the world, but I
would be surprised if they were going with SHA-1 in the long term.
You cannot ignore these decisions if you want openpgp to be successful.
--Anton
-----Original Message-----
From: owner-ietf-openpgp(_at_)mail(_dot_)imc(_dot_)org
[mailto:owner-ietf-openpgp(_at_)mail(_dot_)imc(_dot_)org] On Behalf Of Daniel
A. Nagy
Sent: September 19, 2006 6:13 PM
To: OpenPGP
Subject: Re: [Sam Hartman] Openpgp comments
On Tue, Sep 19, 2006 at 06:55:32PM -0400, David Shaw wrote:
I'm not against a SHA-256 or 512 based MDC.
This would make encryption/decryption measurably slower, for no benefit
whatsoever. SHA1 provides a comfortable security margin even taking all
recent developments into consideration.
--
Daniel