Should the libp2p extension include a signature of SubjectPublicKeyInfo instead of a signature of the public key? This seems to be good practice, as SubjectPublicKeyInfo includes not only the public key, but also the signature algorithm. For example, if RSA PKCS 1.5 were broken, but RSASSA-PSA was not broken, this would prevent forgery attacks until clients could upgrade their TLS libraries to reject RSA PKCS 1.5.
Should the libp2p extension include a signature of SubjectPublicKeyInfo instead of a signature of the public key? This seems to be good practice, as SubjectPublicKeyInfo includes not only the public key, but also the signature algorithm. For example, if RSA PKCS 1.5 were broken, but RSASSA-PSA was not broken, this would prevent forgery attacks until clients could upgrade their TLS libraries to reject RSA PKCS 1.5.