My preference is to use SHA-512. My rationale is:
* Fingerprints of keys don't have to be computed continuously. They can be
computed ones and the result cached for a reasonably long period of time. For
every argument about speed on small machines, there's an equal and opposite
counter-argument about speed on large machines. I've pulled my hands back
several times from saying more. I won't unless provoked. I think the better
argument is that speed of computing a fingerprint doesn't matter.
* If we use SHA-512, we extend the length of time before we have to have this
argument again.
Jon
_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp