Nikos Mavrogiannopoulos <[email protected]> writes: > That is indeed quite different from any other signature scheme. I don't > know whether eddsa is going to be standardized or not, but it is > certainly being discussed in irtf. Maybe raising that issue there would > make more sense.
Where, more precisely, do you suggest I ask about this? [email protected] ? > M would most probably be protocol related and at least for TLS it is > often something short, but other protocols may differ. For a start, I think it makes sense to have sign and verify functions that take the complete arbitrary-length message as an argument, and no attempt at any _update function. With the expecation that short messages are what people will be using (and then a flexible input size is nice), and that applications for signing large messages with eddsa will likely do their own message digest before invoking the eddsa functions. Regards, /Niels -- Niels Möller. PGP-encrypted email is preferred. Keyid C0B98E26. Internet email is subject to wholesale government surveillance. _______________________________________________ nettle-bugs mailing list [email protected] http://lists.lysator.liu.se/mailman/listinfo/nettle-bugs
