As of DAP-03, aggregators may advertise multiple HPKE configurations for a given task. janus_client needs to decide what HPKE config to use when presented with a list. I think by default, we could choose whichever one we think is fastest (though that will vary based on e.g. whether AES is accelerated on the platform), but we might want to allow clients to configure allow- or deny-lists. For example, some clients might only allow NIST cryptography and thus will want to stick to P-256 and AES.
In particular, we need to add the rest of the HPKE KEM codepoints to our HpkeKemId enumeration, and then discard keys we don't support (P-384, P-521, and X448) when filtering through a HpkeConfigList.
As of DAP-03, aggregators may advertise multiple HPKE configurations for a given task.
janus_client
needs to decide what HPKE config to use when presented with a list. I think by default, we could choose whichever one we think is fastest (though that will vary based on e.g. whether AES is accelerated on the platform), but we might want to allow clients to configure allow- or deny-lists. For example, some clients might only allow NIST cryptography and thus will want to stick to P-256 and AES.