Jari,
Another is that application protocols should be required to reuse code points from common registries rather than define their own.
At the moment we have separate crypto registries for TLS, IPSEC, PEM, PKIX and XML Digital Signature. The JOSE folk want to create another. There should be a policy that tells people from the start that there will be no new crypto registries.
Here I am not so sure. Registries for adding specific crypto algorithms are not merely number allocations; they go with specifications and code that actually runs, say, AES on IPsec or AES on TLS. It is not entirely clear to me that crypto across different protocols and use cases should proceed in lock step. And even if it were useful, it is a difficult change to make retroactively, when the code points in different protocols started out differently.
I concur with your observation wrt crypto algs. One size (alg or even
key length) does
not fit all. When we introduce new protocols we have more flexibility in
adopting new
algs and it may make sense to mandate support for them. For existing
protocols
insisting that new algs be supported impose a greater burden and perhaps
a long
transition process. In some contexts a suite of new algs can be
incrementally
deployed with minimal impact, whereas in other contexts changes must be
adopted
globally.
Steve