In order to avoid probing signatures that don't match a public key, signatures are prefixed with an algorithm identifier.
That identifier was present in examples, but not in the specification.
So, mention it in the specification.
In addition, current implementations don't consider that the identifier is part of the signature, so match these implementations. It doesn't make any difference beyond the encoded signature length.
jedisct1
commented
6 months ago
In order to avoid probing signatures that don't match a public key, signatures are prefixed with an algorithm identifier.
That identifier was present in examples, but not in the specification.
So, mention it in the specification.
In addition, current implementations don't consider that the identifier is part of the signature, so match these implementations. It doesn't make any difference beyond the encoded signature length.