by tptacek 1406 days ago
No, it's pretty widely recognized that WireGuard is in a sense a repudiation of "agility". You can look at, for instance, the INRIA analysis/proof paper to see how a bunch of disinterested cryptographers describe it: "many new secure channel protocols eschew standardisation in favour of a lean design that uses only modern cryptography and supports minimal cryptographic agility."

If you want to say "minimalist agility is good and you're just saying maximalist agility is bad", that's fine, we're just bickering about terms. But that's pretty obviously not what Schneier is talking about.

1 comments

All the works I've read by Schneier have given me the impression of the above definition: "support multiple cryptographic primitives and do not be overly coupled to a single primitive."

Serendipitously, I just tweeted about this 11 days ago: https://twitter.com/CyphrMe/status/1556660870901403648

"The moral is the need for cryptographic agility. It’s not enough to implement a single standard; it’s vital that our systems be able to easily swap in new algorithms when required."

Do you have a link to something that in your mind represents what Schneier is talking about?

A modern cryptosystem wouldn't be designed to swap in new algorithms; it would pick a single set of algorithms and constructions, and version the whole system, which is how WireGuard works: you can't run AES WireGuard, or WireGuard with the standard P-curves.