shall support signed ID Tokens;
should support signed and encrypted ID Tokens;
I’m not sure whether to read this as “must support either JWS or JWE id_tokens”, or if it’s “must support JWS and may support JWE”.
I.e., can authorization servers opt to always use encryption?
Naively, I can’t see any reason to rule out going all-in on encryption, unless it’s for interoperability reasons. (And if it is for interoperability, it might be worth adding a note to that effect.)