Michael Rosenberg

> What other transcript would be getting notarized? I think we can assume _some_ context has been established. We don't want to have to fully qualify the term everywhere and...

Oh I see, I didn't realize it was a full transcript. In that case yeah I'm fine with Notarized Transcript. That covers all the terms, right? @themighty1 what do you...

Ok I think this is a non-issue. Yes, it may be the case that `verify_strict` accepts prime-order non-canonical `R`, but the reason it's not an issue is because it's extremely...

My thought was to have `recompute_r` just return the compressed form, and then all the callers have no choice but to do a byte comparison. This looks nice enough imo,...

Hmm, so `PublicKey` wraps `MontgomeryPoint` which wraps `[u8; 32]` and all of them autoderive `Debug`. What happens if you do `println!("{:x?}", my_pubkey)`

Hi Riad! Yes I would be happy to take the PR. The way we're doing it currently is we're keeping the draft specs in separate branches, eg [`unstable-pq-xyber`](https://github.com/rozbb/rust-hpke/tree/unstable-pq-xyber), and backporting...

fwiw it looks like this should have code that's nearly identical to the existing p256 impl, assuming you use the [pure Rust impl](https://github.com/RustCrypto/elliptic-curves/tree/master/k256). In that case, I think it'd be...

Thank you! I'm sorry I'm so busy with school rn I will get around to this in 2-3 weeks. Two small things until then: 1. Could you modify to merge...

Ok np I can do the branch stuff. The reason is just bc I don't want to put non-specc'd things in the main branch. Unless I misunderstood and K256 is...

Hi all. Apologies for the stall. I’m happy to merge now into a separate branch. I don’t see a strong reason not to put this in main beyond what I...