On October 2, 2012, the National Institute of Standards and Technology (NIST) announced that the winner of the new SHA-3 hash function competition was Keccak. The plan is SHA-3 will eventually replace SHA-1 and the SHA-2 hash families.
To support digital certificates, the hashing function is used by the certification authority (CA) to put its signature on the certificates and CRLs. The signature needs to be strong enough so it cannot be replicated or predicted.
Bruce Schneier, a security guru, was a in the SHA-3 competition. Schneier states there is no need to rush to implement SHA-3; to date, SHA-256 (a SHA-2 variant) is still looking good. Upon the announcement of the winner, he stated Keccak is a fine hash function, but so are the four variants of SHA-2. He will take some time before making specific recommendations on when to move to SHA-3.
The SSL certificate industry still has CAs that are removing MD5-signed certificates. The industry is slowly implementing SHA-2, but most certificates are signed with SHA-1 due to backwards compatibility issues with browsers and other applications.
I think the next step will be for NIST to develop a schedule as to when SHA-3 should be used. We will then see how well the software industry supports SHA-3.