Now we're getting somewhere in terms of intellectual discussion! :)
I of course agree we should replace SHA-1. But I still think a more intellectually honest discussion is meaningful. For example, after reading the link you referred to I'm rather convinced that X.509 is pretty seriously flawed, and could easily be redesigned to be collision resistant. Why not talk about that? Why not do it?
As I understand it, CAs have mitigated the collision attacks by forcing a random serial number they generate into the certificates. Since that's part of the hash, collision attacks are no longer practical.
Doing x509 still means having to parse ASN.1 though, and nobody seems to actually like it.
I of course agree we should replace SHA-1. But I still think a more intellectually honest discussion is meaningful. For example, after reading the link you referred to I'm rather convinced that X.509 is pretty seriously flawed, and could easily be redesigned to be collision resistant. Why not talk about that? Why not do it?