On Wed, Oct 12, 2022 at 03:35:19PM +0200, Richard Levitte wrote:

> Topic: Provider selection and handling for SHA1 and RIPEMD160 should be
> identical
> given the current understanding of algorithm specific security issues.

Shouldn't real-world usage be taken into account? SHA1 is widely used, and even has important use-cases that aren't going away and where collision resistance is not a major concern, e.g. NSEC3 in DNSSEC where it is used for light obfuscation, not cryptographic signing. I am not aware of any extant protocols that rely on RIPEMD160.

I think that strictly looking at security margins is misguided; real-world usage needs to inform any such decision, and users should be able to easily keep SHA1 without bringing RIPEMD160 along for the ride.

--
    Viktor.