IsValidHostname now rejects public keys that are invalid ed25519
curve points in addition to ed25519 points that contain torsion
components (which are defined to be invalid Tor Hostnames).
Note: The lack of these checks previously would have been unlikely to manifest as an issue further up the
stack because Tor would have prevented Cwtch from connecting to bad curve
points, the Tapir authentication protocol would have failed with invalid curve points,
and the experimental group chats only rely on signatures for voluntary authorship attribution,
rather than e.g. consensus or security.
Sarah Jamie Lewis