And that's pretty much what the -224 hashes are, forgettable (and
-384 only slightly less so). There's an obvious need for -256, and
then you need -512 for people who need hashes that go to 11, but
what's the point of -224 and -384 in OpenPGP?
IIRC, early drafts of DSA2 required a 224-bit hash for DSA-2048 and
didn't allow for the possibility of a truncated 256-bit hash. Later
revisions corrected this oversight. That's where it got into the spec:
because at the time it got into the spec, SHA-224 was required for
conformance.
_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp