On Thu, 12 Apr 2012, Ondřej Surý wrote:
> As a comment that does not argue for any change, having SHA-256 hash as the "lowest" hash excludes SHA-1, a widely deployed hash algorithm. I gather that the WG has made a tradeoff between perceived security and ease of deployment.
>
> SHA-2 was first published 11 years ago and I don't really think that
> applications which will decide to implement DANE will not have support
> for SHA-2 family.

Using SHA1 at this point is actually more of a risk than using SHA2. If
you want to run your OS or device in FIPS mode, you may not use SHA1 for
anything. I am seeing a lot of breakage in fips mode where apps just
assume a sha1 call never fails. That's long past us now. Don't count
on sha1 being available.
Paul
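
The failure mode raised in the message above, code that assumes a digest call can never fail, is shown here as an added example that is not part of the original thread. It treats an unavailable digest as an explicit error while computing DANE TLSA association data (matching type 1 = SHA-256, 2 = SHA-512). All function names are hypothetical, and `restricted_new` is a constructed stand-in for a provider whose policy disables SHA-1.

```python
import hashlib

# TLSA matching types defined for DANE: 0 = exact match, 1 = SHA-256, 2 = SHA-512.
MATCHING_TYPES = {0: None, 1: "sha256", 2: "sha512"}


class DigestUnavailable(Exception):
    """The crypto provider lacks or refuses the requested digest."""


def checked_digest(name, data, new=hashlib.new):
    # hashlib.new raises ValueError when the backend does not offer the
    # algorithm, which is how a policy-restricted build rejects a digest.
    try:
        return new(name, data).digest()
    except ValueError as exc:
        raise DigestUnavailable(f"{name}: {exc}") from exc


def tlsa_association_data(selected, matching_type, new=hashlib.new):
    """Return the bytes to compare against a TLSA record's association data."""
    if matching_type not in MATCHING_TYPES:
        raise ValueError(f"unknown matching type {matching_type}")
    algo = MATCHING_TYPES[matching_type]
    return selected if algo is None else checked_digest(algo, selected, new)


def restricted_new(name, data=b""):
    # Constructed stand-in (assumption): a provider whose policy disables SHA-1.
    if name.lower() in ("sha1", "sha-1"):
        raise ValueError("disabled by policy")
    return hashlib.new(name, data)


def fingerprint_with_fallback(data, preferred=("sha1", "sha256"), new=hashlib.new):
    # Try digests in order and report which one was used so callers can log it.
    for name in preferred:
        try:
            return name, checked_digest(name, data, new)
        except DigestUnavailable:
            continue
    raise DigestUnavailable("no usable digest among " + ", ".join(preferred))
```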