ietf-rats-wg / eat

Entity Attestation Token IETF Draft Standard

Add section on partial and full profiles #404

Closed laurencelundblade closed 11 months ago

gmandyam commented 1 year ago

Lack of a specific alg. identifier does not imply that interoperability is not possible. For instance, https://datatracker.ietf.org/doc/html/rfc8152#appendix-A.1 discusses the use of implicit algorithms. In my interpretation of the PQC example, if the alg. field is left empty but the kid points to a PQC keypair then interoperability is still possible without having to re-define the profile to explicitly include the PQC algm.

carl-wallace commented 1 year ago

Re: specific algorithm and interoperability being possible, my point was that "fully guaranteed" doesn't fit because the recipient might have no idea where to get the verification key material. The "fully guaranteed" verbiage is new, and doesn't strike me as quite right without considering that. Likewise for decryption key.
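An added sketch, not part of this thread or the EAT draft, of the verifier-side logic the two comments above turn on: with no alg header the algorithm can come from the key the kid selects, but only if the verifier already holds that key. The function name, the key-store shape and the PQC algorithm placeholder are assumptions; labels 1 and 4 are COSE's alg and kid header parameters and 3 is the COSE_Key alg parameter.

```python
# Added illustration; names are hypothetical, not from the EAT draft.
COSE_HDR_ALG = 1   # COSE header parameter label for "alg" (RFC 8152)
COSE_HDR_KID = 4   # COSE header parameter label for "kid"
COSE_KEY_ALG = 3   # COSE_Key common parameter label for "alg"

# Constructed sample key store: kid -> COSE_Key-style map the verifier trusts.
# "PQC-PLACEHOLDER" stands in for a PQC algorithm identifier (assumption).
KEY_STORE = {
    b"ec-1": {COSE_KEY_ALG: -7},                  # -7 is ES256
    b"pqc-1": {COSE_KEY_ALG: "PQC-PLACEHOLDER"},
    b"bare-1": {},                                # key with no alg recorded
}


class VerificationError(Exception):
    """Raised when the verifier cannot settle on a key and algorithm."""


def resolve_verification(headers, key_store):
    """Return (algorithm, key) for a token or raise VerificationError.

    headers   -- decoded COSE header map (int label -> value)
    key_store -- kid (bytes) -> key map provisioned to the verifier
    """
    kid = headers.get(COSE_HDR_KID)
    if kid is None:
        raise VerificationError("no kid: key must be agreed out of band")
    key = key_store.get(kid)
    if key is None:
        # The case where the recipient has no idea where to get key material.
        raise VerificationError("unknown kid: no verification key material")
    key_alg = key.get(COSE_KEY_ALG)
    hdr_alg = headers.get(COSE_HDR_ALG)
    if hdr_alg is None:
        # Implicit algorithm: taken from the key that the kid points to.
        if key_alg is None:
            raise VerificationError("algorithm stated by neither header nor key")
        return key_alg, key
    if key_alg is not None and key_alg != hdr_alg:
        # Refuse a header that disagrees with the key's own algorithm.
        raise VerificationError("header alg conflicts with the key's alg")
    return hdr_alg, key
```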

laurencelundblade commented 12 months ago

> Lack of a specific alg. identifier does not imply that interoperability is not possible. For instance, https://datatracker.ietf.org/doc/html/rfc8152#appendix-A.1 discusses the use of implicit algorithms. In my interpretation of the PQC example, if the alg. field is left empty but the kid points to a PQC keypair then interoperability is still possible without having to re-define the profile to explicitly include the PQC algm.

Yes, this is true and with the it's OK to not have an alg ID in a full profile.

laurencelundblade commented 11 months ago

Please take a look at my recent update here. It tightens up a lot and I think makes the notion of a full profile much more clear. Also this hopefully addresses Simon's comment too.