Did some dumpster diving to figure this out. In retrospect, I'm surprised there wasn't a major version spike after this, but it's not like signatures generated by abusing signature malleability ever happen with legitimate signers in the first place.
There doesn't seem to be a good term to refer to a signature that is valid but has a greater S value than L without dragging the whole explanation of EdDSA in.
Change introduced in 974e55d21c1fac7a2e21f91cb7174601b653180a and
24f4be7acc3ec7ff613715a7a97597e587f6d6d8.
The actual reasons to introduce this were actually performance-related.
LoupVaillant
commented
4 years ago
Did some dumpster diving to figure this out. In retrospect, I'm surprised there wasn't a major version spike after this, but it's not like signatures generated by abusing signature malleability ever happen with legitimate signers in the first place.
There doesn't seem to be a good term to refer to a signature that is valid but has a greater S value than L without dragging the whole explanation of EdDSA in.
Change introduced in 974e55d21c1fac7a2e21f91cb7174601b653180a and 24f4be7acc3ec7ff613715a7a97597e587f6d6d8.
The actual reasons to introduce this were actually performance-related.
Sparked by #189.