From db8511aff560786949f6666df5d794515631ff0c Mon Sep 17 00:00:00 2001
From: Emil Engler <me@emilengler.com>
Date: Sun, 25 Jun 2023 16:36:48 +0200
Subject: cert-spec: improve signature formulation

I personally had a hard time implementing the signature validation in Ed25519
certificates, as I have misinterpreted it as signing only the first 64 bytes.

I hope that this patch puts more clearance into the material.
---
 cert-spec.txt | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

(limited to 'cert-spec.txt')

diff --git a/cert-spec.txt b/cert-spec.txt
index 1782141..ef6ec01 100644
--- a/cert-spec.txt
+++ b/cert-spec.txt
@@ -92,8 +92,9 @@ Table of Contents
 
    Before processing any certificate, parties SHOULD know which
    identity key it is supposed to be signed by, and then check the
-   signature.  The signature is formed by signing the first N-64
-   bytes of the certificate.
+   signature.  The signature is created by signing all the fields in
+   the certificate up until "SIGNATURE" (that is, signing
+   sizeof(ed25519_cert) - 64 bytes).
 
 2.2. Basic extensions
 
-- 
cgit v1.2.3-54-g00ecf