Unaddressed editorial comments from David Wong

[zhenfeizhang]

• comparison with classical signatures, such as ECDSA, from engineering perspective

• "P1" is defined but never seem to be used.

  • ZZ: useful if we switch groups

• section "2.5.3. Implementation optimizations". Two things:

  • this should be towards the end of the documentation as these are optional recommendations. Perhaps after "security recommendations" or as an appendix
  • is it really wise to have the standard contain this? Available optimizations may change over time. I've also never seen an RFC talking about optimizations.

• section "3.4. Randomness considerations" needs a citation, for example on ECDSA issues when the nonce is repeated

[zhenfeizhang]

"P1" is defined but never seem to be used.

It will be used in the final version where we define the other variant of the BLS scheme (with switched groups)