I have discovered an issue last night and written up a security advisory about it. Short version, there is no problem but why it isn't a problem requires some explanation. Description: ECDSA signing using SHA1 hash https://wiki.snowblossom.org/index.php/Security_Advisory https://wiki.snowblossom.org/index.php/Security/SA-1