MD5 digest algorithm is dead. It have been proven to be totaly insecure. What people doesn't realise is that MD5 weakness will have great impact on SHA1. Why? If CA use SHA1 to sign itself and issued certificates, it is possible to create certificate and forge signature so it will look like CA issued that certificate, but with MD5 digest alg. Before we fix all security applications that doesn't check this security threat, large demage will be done.