Jari,
Another is that application protocols should be required to reuse code points
from common registries rather than define their own.
At the moment we have separate crypto registries for TLS, IPSEC, PEM, PKIX and
XML Digital Signature. The JOSE folk want to create another. There should be a
policy that tells people from the start that there will be no new crypto
registries.
Here I am not so sure. Registries for adding specific crypto algorithms are not
merely number allocations; they go with specifications and code that actually
runs, say, AES on IPsec or AES on TLS. It is not entirely clear to me that
crypto across different protocols and use cases should proceed in lock step.
And even if it were useful, it is a difficult change to make retroactively,
when the code points in different protocols started out differently.
I concur with your observation wrt crypto algs. One size (alg or even key
length) does not fit all. When we introduce new protocols we have more
flexibility in adopting new algs and it may make sense to mandate support for
them. For existing protocols, insisting that new algs be supported imposes a
greater burden and perhaps a long transition process. In some contexts a suite
of new algs can be incrementally deployed with minimal impact, whereas in other
contexts changes must be adopted globally.
Steve