Hi Daniel,
Either way, it seems that we need to clarify the standard.
I agree. I've been working on a specific use case (decryption and
validation of messages when public parts of the key are unavailable) and
the amount of cryptographic agility here is, in my opinion, unwarranted.
From what I can see SHA-256 is the most prevalent hash for ed25519
signed messages now but I see no problem in SHOULD'ing SHA-512 to align
with existing standards.
Kind regards,
Wiktor
_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp