relaycorp / relayverse

Issues that apply to multiple Awala-related projects from Relaycorp
https://github.com/relaycorp/relayverse/issues

Private address computation should be solely based on RSA key (excluding algorithm) #38

Open gnarea opened 2 years ago

gnarea commented 2 years ago

The algorithm should only be used to compute the first character (aka version) of the address (e.g., 0 for RSA-PSS with SHA-256), but it shouldn't be part of the input to the hash of the public key.

The problem with algorithm params is that, unless they're normalised, subtle discrepancies will result in different private addresses. Also, most implementations (e.g., GCP KMS, PeculiarVentures/webcrypto) will output RSA algorithm params as NULL when exporting public keys, but another implementation could/should specify the parameters.

I think that the worst thing that could happen is that things will occasionally break for mysterious reasons if an Awala node exports a public key with RSA algo params other than NULL, but this is very unlikely to lead to security vulnerabilities because we're still using an X.509-based PKI.

See also:
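
Added illustration, not part of the original issue and not Awala's own code: the same RSA key wrapped in three different AlgorithmIdentifier encodings gives three addresses when the whole SubjectPublicKeyInfo is hashed, and one address when only the RSAPublicKey is hashed. The address format (version character plus hex SHA-256), the function names and the key material are assumptions made for this sketch.

```python
import hashlib

def tlv(tag: int, body: bytes) -> bytes:
    """DER-encode one tag-length-value with a definite length."""
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    size = (n.bit_length() + 7) // 8
    return bytes([tag, 0x80 | size]) + n.to_bytes(size, "big") + body

def read_tlv(buf: bytes, pos: int = 0):
    """Return (tag, body, next_pos) for the DER element starting at pos."""
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first & 0x80:  # long form: low 7 bits give the number of length bytes
        size = first & 0x7F
        first = int.from_bytes(buf[pos:pos + size], "big")
        pos += size
    return tag, buf[pos:pos + first], pos + first

def der_int(value: int) -> bytes:
    return tlv(0x02, value.to_bytes(value.bit_length() // 8 + 1, "big"))

# Constructed 256-byte modulus for illustration only, not a real RSA key.
MODULUS = int.from_bytes(hashlib.sha256(b"constructed sample").digest() * 8, "big") | 1
RSA_PUBLIC_KEY = tlv(0x30, der_int(MODULUS) + der_int(65537))

OID_RSA = bytes.fromhex("06092a864886f70d010101")  # rsaEncryption
OID_PSS = bytes.fromhex("06092a864886f70d01010a")  # id-RSASSA-PSS
ALGORITHM_IDS = {
    "rsaEncryption, NULL params": tlv(0x30, OID_RSA + b"\x05\x00"),
    "rsaEncryption, params absent": tlv(0x30, OID_RSA),
    "RSASSA-PSS, explicit params": tlv(0x30, OID_PSS + tlv(0x30, b"")),
}
SPKIS = {name: tlv(0x30, alg + tlv(0x03, b"\x00" + RSA_PUBLIC_KEY))
         for name, alg in ALGORITHM_IDS.items()}

def address_from_spki(spki: bytes, version: str = "0") -> str:
    """Hash the whole SPKI, AlgorithmIdentifier included (assumed format)."""
    return version + hashlib.sha256(spki).hexdigest()

def address_from_key_only(spki: bytes, version: str = "0") -> str:
    """Hash only the RSAPublicKey carried in the subjectPublicKey BIT STRING."""
    _, spki_body, _ = read_tlv(spki)
    _, _, pos = read_tlv(spki_body)  # skip the AlgorithmIdentifier
    tag, bits, _ = read_tlv(spki_body, pos)
    if tag != 0x03 or bits[:1] != b"\x00":
        raise ValueError("expected a BIT STRING with no unused bits")
    return version + hashlib.sha256(bits[1:]).hexdigest()
```

Mapping each entry of `SPKIS` through both functions shows the divergence: the first yields a different address per encoding, the second yields the same address for all three.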