>From 248eba683f5c52b73b79c927dbef818f5ceb343c Mon Sep 17 00:00:00 2001
From: Taylor R Campbell <campbell+ietf-openpgp@mumble.net>
Date: Wed, 11 Jan 2017 14:21:13 +0000
Subject: [PATCH] Fix EdDSA secret key packet format with reference to CFRG
 notation.

What is stored is *not* a scalar; it is a b-bit secret input to a
2b-bit hash function that expands it into

(a) the b-bit secret scalar a, giving the public key A = a B, where B
is the standard base point; and
(b) the b-bit nonce PRF key.

While here, clarify EdDSA public key packet format with reference to
CFRG notation too.
---
 middle.mkd | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/middle.mkd b/middle.mkd
index 5182c7d..905bde1 100644
--- a/middle.mkd
+++ b/middle.mkd
@@ -1936,8 +1936,9 @@ A version 4 packet contains:
            - the octets representing a curve OID, defined in
              section NN{FIXME};
 
-      - a MPI of an EC point representing a public key Q as described
-        under EdDSA Point Format below.
+      - a MPI, encoded as described under EdDSA Point Format, of an EC
+        point A, in the notation of [](#I-D.irtf-cfrg-eddsa),
+        Section 3.2 "Keys".
 
     Algorithm-Specific Fields for ECDH keys:
 
@@ -2034,8 +2035,8 @@ The packet contains:
 
     Algorithm-Specific Fields for EdDSA keys:
 
-      - MPI of an integer representing the secret key, which is a
-        scalar of the public EC point.
+      - an opaque octet string k, in the notation of
+        [](#I-D.irtf-cfrg-eddsa), Section 3.2 "Keys".
 
 
 
-- 
2.10.2