2022.07.20 08:53:07 (1549648579513372673) from Daniel J. Bernstein, replying to "Jethro Beekman (@JethroGB)" (1549644319556096000):
People often create streaming APIs, but we've seen again and again how dangerous those APIs are: applications act on streams straight from the attacker. It's much safer to have a signature on each packet. Rough analogy: put handwritten signatures on each page of a legal document.
2022.07.20 08:22:39 (1549640913458040833) from Daniel J. Bernstein:
If signed messages look like message+signature (as opposed to "message recovery") then it's too easy for people to grab the message and skip checking the signature. To fight against this, transform sm to obscure m: xor 1,2,3,...; better, apply any of the AONTs from Rivest et al.
2022.07.20 08:36:11 (1549644319556096000) from "Jethro Beekman (@JethroGB)":
What is your message is too large to keep in memory?