...
SHA1 is considered an insecure hashing algorithm (see e.g. https://security.googleblog.com/2016/11/sha-1-certificates-in-chrome.html) and should be replaced a.s.a.p.
That Abandoning SHA1 has implications on all PEPPOL AS2 access pointsAccessPpoints. SMPSMPs, the SML and the the PEPPOL AS4 profile are not tangled with impacted by this issue.
The only other area affected by SHA1 is the PKI but the PKI v.2 ==> v.3 upgrade project (including an update of the hashing algorithm to SHA 256) is already runningwill take care of this.
The original documents created by the eDelivery Capability Extension work group are attached at the bottom of this page for reference.
...