samuel-lucas6 / draft-lucas-bkdf

An Internet-Draft for the Balloon Key Derivation Function (BKDF), a memory-hard password hashing and password-based key derivation function.

Support associated data #18

Closed samuel-lucas6 closed 2 months ago

samuel-lucas6 commented 2 months ago

As discussed in #7:

I agree. But you might want to have "extra salts". This is useful for PAKEs where you include the user ID, server ID, OPRF salt (or salt), and local/secret salt (if there is one). This is just to avoid collisions for H(salt || userId || serverId) like H(salt || "user1" || "server") and H(salt || "user" || "1server") etc. It doesn't matter how you do it but the simplest is salt' = H(H(salt) || H(userId) || H(serverId) || ... ).

Yes, but having it as an option prevents the user of the API from needing to think about encoding lengths or other proper separation methods and maybe messing it up. Also it gives a common implemented method for this.

It adds a little complexity and not sure how to define the max lengths, like the max number of associated data parameters and the max length of each. The length encoding would also need to be changed to keep the loop code tidy. For example:

key = PRF(key, LE64(password.Length) || password || LE64(salt.Length) || salt || LE64(associatedData1.Length) || associatedData1 || ...)
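The ambiguity described in the text quoted from #7, and the two separation methods mentioned in this comment, as an added example that is not part of the original issue or of the BKDF draft. It assumes SHA-256 as a stand-in for H and HMAC-SHA256 for PRF; all function names and inputs are constructed for illustration.

```python
import hashlib
import hmac
import struct

# Assumption: SHA-256 stands in for H and HMAC-SHA256 for PRF.
# All names below are hypothetical, not the draft's API.

def le64(n: int) -> bytes:
    """Encode a length as an unsigned 64-bit little-endian integer."""
    return struct.pack("<Q", n)

def naive_salt(salt: bytes, *fields: bytes) -> bytes:
    """H(salt || f1 || f2 ...): field boundaries are lost."""
    return hashlib.sha256(salt + b"".join(fields)).digest()

def hashed_fields_salt(salt: bytes, *fields: bytes) -> bytes:
    """salt' = H(H(salt) || H(f1) || H(f2) ...): fixed-width inner hashes."""
    outer = hashlib.sha256()
    for part in (salt, *fields):
        outer.update(hashlib.sha256(part).digest())
    return outer.digest()

def encode_length_prefixed(*parts: bytes) -> bytes:
    """LE64(len(p1)) || p1 || LE64(len(p2)) || p2 || ..."""
    return b"".join(le64(len(p)) + p for p in parts)

def decode_length_prefixed(blob: bytes) -> list:
    """Inverse of the encoding; its existence shows the encoding is unambiguous."""
    parts, i = [], 0
    while i < len(blob):
        if i + 8 > len(blob):
            raise ValueError("truncated length prefix")
        (n,) = struct.unpack_from("<Q", blob, i)
        i += 8
        if i + n > len(blob):
            raise ValueError("truncated field")
        parts.append(blob[i:i + n])
        i += n
    return parts

def prf_with_associated_data(key: bytes, password: bytes, salt: bytes,
                             *associated_data: bytes) -> bytes:
    """PRF(key, LE64(|pw|) || pw || LE64(|salt|) || salt || LE64(|ad1|) || ad1 ...)"""
    msg = encode_length_prefixed(password, salt, *associated_data)
    return hmac.new(key, msg, hashlib.sha256).digest()

# Constructed sample inputs.
KEY, SALT, PASSWORD = bytes(32), bytes(16), b"example password"
A = (b"user1", b"server")
B = (b"user", b"1server")
```

With the naive concatenation, `A` and `B` produce the same salt; with either separation method they do not, and an empty associated-data field is distinguishable from an absent one.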