EdDSA / Ed25519
Appendix A contains an example for EdDSA. The example states that the hash function used is SHA2-256. The example also states that the curve used is 2b06010401da470f01, which is defined as “Ed25519” elsewhere in the draft. However, RFC 8032 specifies Ed25519 as an instantiation of EdDSA with specific parameters, one of which is that H is SHA2-512 and PH (in the ph case) is SHA2-512. Is it the intention that OpenPGP implements not Ed25519 but some other form of EdDSA? If yes, this should be called out explicitly in the text and it shouldn't be called Ed25519. If no, the example needs to be updated and it would probably be good to explicitly call out Ed25519ph in section 14.8.