That's not necessarily a problem, it's perfectly OK PRFs, MACs, and
similar situations, you just want to move away from it for
signatures.
Yes, but removing it cuts down on the amount of (wholly inappropriate)
fearmongering that gets thrown around by the ignorant whenever SHA-1 is
mentioned. OpenPGP adoption is slow enough already; continued use of
SHA-1, even where it's safe, seems contraindicated.
_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp