This will be compatible with some current implementations that do not have SHA-1. HMAC-SHA1 may be still secure, but SHA1 in any context *looks* bad even if it isn't.