IdU, IdS represent the identities of user (sent as identity in PAKEShareClient) and server (Certificate message).
What happens when there is no certificate?
Moreover, I think that for the sake of OPAQUE, the server identity needs to be set at the time of password registration and included in Env. A name in a certificate, if sent, may be something the server sends momentarily and unrelated to the identity of the server the user would recognize (e.g., citibank.com) at the time of password registration.
In the case that certificate-based authentication is included in addition to OPAQUE authentication, then the name in the certificate will be authenticated via the regular certificate-based authentication (essentially by including the certificate name under the Finished msg, following the SIGMA logic).