I really like the idea of the enableExperimentalPublicKeyTypes resolution option and invalidPublicKeyType error. We have also defined and implemented something very similar:
I think the only difference is that in our case, individual verification method types (such as Ed25519VerificationKey2018) can be allowed/denied by a resolver, whereas in your case your option is about a group of types (such as "experimental"). It should be possible to harmonize both into a single option.
I really like the idea of the
enableExperimentalPublicKeyTypesresolution option andinvalidPublicKeyTypeerror. We have also defined and implemented something very similar:overrideVerificationMethodTypePolicynotAllowedVerificationMethodTypeSee https://github.com/decentralized-identity/did-spec-extensions/blob/main/error-codes/not-allowed-verification-method-type.md.
This is one of several security-related policies that a resolver can enforce, see here for more: https://github.com/decentralized-identity/did-spec-extensions
I think the only difference is that in our case, individual verification method types (such as
Ed25519VerificationKey2018) can be allowed/denied by a resolver, whereas in your case your option is about a group of types (such as "experimental"). It should be possible to harmonize both into a single option.