Should aggregation service public key advertisement be covered by the specification?

[apasel422]

Step 15.1 of the "construct a DAP report" algorithm says:

Let pkR be the public key of the corresponding role from the aggregation service HPKE configuration obtained for the aggregation service indicated by options.Aggregation Service.

The URL for "dap-15-histogram" is expected to identify the DAP Leader role. Implementations need to obtain HPKE configuration for both Aggregators statically. The HPKE configuration must not be fetched on demand, as the time that takes will leak information to callers of measureConversion().

Should we also specify how the aggregation services advertise their public key(s) so that they can be obtained in a standard way across implementations?

[martinthomson]

That would be a question best suited to the IETF PPM working group, I'd say. I mean, it would be nice if there were a standard location and format for those, but ideally that would be a DAP protocol extension.

As a practical matter, the HPKE configuration for each DAP Aggregator can come from the same place the other configuration comes from. Browser-makers would have an easier time if there was a protocol, but it is their effort that a standard would help reduce.