Tony Arcieri

> he new SHA512 instructions should be leveraged using intrinsics in the sha2 crate. Unfortunately, the relevant intrinsics and target features are currently unstable, so this new backend would have...

It looks like they're available now: https://doc.rust-lang.org/nightly/core/arch/x86/fn._mm256_sha512rnds2_epi64.html

I have closed all PRs and issues but don't have the authority to actually archive the crate. I have put in a request to do so. In the meantime perhaps...

We currently have no lint for this information in `rustsec-admin`. I'm hoping Painter can potentially be a source of truth for it: https://github.com/rustfoundation/painter/issues/7

Yeah, I don't think this is something we should enable right away and it would be good to have an initial release with a 1.85 MSRV. Maybe it could be...

Yeah, this looks like a bug. RFC8410 specifies the `privateKey` field contains an inner `OCTET STRING`: https://datatracker.ietf.org/doc/html/rfc8410#section-7 > For the keys defined in this document, the private key is always...

So it turns out `ed448` actually already has a similar type, it just wasn't showing up in the rustdoc: https://docs.rs/ed448/0.5.0-rc.0/ed448/pkcs8/struct.KeypairBytes.html That's been tested with the CURDLE test vectors, which would...

I should also mention, for anyone interested in working on this feature, it should be pretty easy to adapt/copy-and-paste the implementation I wrote for `ed25519-dalek`: https://github.com/dalek-cryptography/curve25519-dalek/blob/59ab400f1ba4975d25dd4d6614836eeef3e093f3/ed25519-dalek/src/signing.rs#L688-L757

We'd previously discussed this a bit over email, although I thought the intent was to enable it at the library-level, not necessarily something that would be in `cargo-audit`

I worked through reviewing a rather large backlog of PRs this weekend and didn't quite get to this one. Maybe next weekend.