
I'm not saying the conclusion is wrong, but the reasoning likely is: there's a huge difference between a collision attack and a so-called second pre-image attack [1]. To impersonate a website protected with an SHA-1 certificate you'd have to mount the second kind.

> Walker's estimate suggested then that a SHA-1 collision would cost $2M in 2012, $700K in 2015, $173K in 2018, and $43K in 2021.

If you adjust those cost estimates for the fact that a second pre-image is needed they look something more like this:

An SHA-1 second pre-image attack (needed to e.g. impersonate an SSL-protected website) would likely cost about 10^26 USD in 2021... By comparison world GDP is only about 10^14 USD.

Better safe than sorry though. :)

1. https://www.ietf.org/mail-archive/web/pkix/current/msg30395....
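
The collision versus second pre-image distinction drawn in the comment above, as an added example that is not part of the original comment. It runs both generic searches against SHA-1 truncated to 16 bits (an assumption made so the searches finish in seconds); the function names, prefixes and target messages are constructed for the illustration.

```python
import hashlib
from itertools import count

BITS = 16  # toy truncation (assumption) so both searches finish in seconds


def h(msg: bytes, bits: int = BITS) -> int:
    """Top `bits` bits of SHA-1(msg), as an integer."""
    return int.from_bytes(hashlib.sha1(msg).digest(), "big") >> (160 - bits)


def find_collision(prefix: bytes = b"c", bits: int = BITS):
    """Both messages are free: any two inputs with the same digest count."""
    seen = {}
    for i in count():
        m = prefix + str(i).encode()
        d = h(m, bits)
        if d in seen:
            return seen[d], m, i + 1  # (msg_a, msg_b, hashes computed)
        seen[d] = m


def find_second_preimage(target: bytes, prefix: bytes = b"p", bits: int = BITS):
    """One message is fixed (e.g. already-signed data): match its digest."""
    want = h(target, bits)
    for i in count():
        m = prefix + str(i).encode()
        if m != target and h(m, bits) == want:
            return m, i + 1  # (second message, hashes computed)


def mean_work(trials: int = 8, bits: int = BITS):
    """Average hash count for each search over several constructed inputs."""
    coll = pre = 0
    for t in range(trials):
        tag = b"trial%d-" % t
        coll += find_collision(tag, bits)[2]
        pre += find_second_preimage(b"constructed target %d" % t, tag, bits)[1]
    return coll / trials, pre / trials


if __name__ == "__main__":
    c, p = mean_work()
    print(f"{BITS}-bit digest: collision ~{c:.0f} hashes (about 2^{BITS // 2}), "
          f"second pre-image ~{p:.0f} hashes (about 2^{BITS})")
```

For an n-bit digest the generic bounds are about 2^(n/2) hashes for a collision and about 2^n for a second pre-image, which at SHA-1's 160 bits is 2^80 against 2^160.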


