PFX – How Not to Design a Crypto Protocol/Standard

cs.auckland.ac.nz

2 points by letientai299 a year ago · 1 comment

NavinF a year ago

>Standards like PKCS #7 have been designed with a reasonable level of care to allow one-pass processing. For example hashed and signed data has the hash algorithm information before the data so you know you should hash the data as you process it, and the actual hash value at the end.

>To avoid this, provide the ability to tag nasty surprises onto the end of the data with no warning that they're going to be there, so that the implementation has to go back to the start of the data and process it a second time.

I feel this sort of thing is obvious to software engineers, but not obvious to most people who write standards. DJB succeeded in revolutionizing cryptography because he was a programmer.
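The one-pass property quoted above, as an added example that is not part of the comment or of the linked article: a verifier that learns the hash algorithm before the data can hash as it reads, while one that learns it only in a trailer has to hold or re-read everything. The framing, function names and sample data are constructed for illustration and are not PKCS #7's or PFX's actual encoding.

```python
import hashlib, hmac, io, struct

# Constructed toy framing (an assumption, not PKCS #7's real ASN.1 encoding):
#   header-first: [alg] (len, chunk)* [0] [digest]
#   trailer-only: (len, chunk)* [0] [alg] [digest]
ALLOWED = ("sha256", "sha512")

def _alg_field(alg):
    return bytes([len(alg)]) + alg.encode()

def build(alg, chunks, header_first=True):
    h = hashlib.new(alg)
    body = b""
    for c in chunks:
        h.update(c)
        body += struct.pack(">I", len(c)) + c
    body += struct.pack(">I", 0)          # zero length marks end of data
    if header_first:
        return _alg_field(alg) + body + h.digest()
    return body + _alg_field(alg) + h.digest()

def _read_alg(s):
    alg = s.read(s.read(1)[0]).decode()
    if alg not in ALLOWED:                # never hash with an unvetted name
        raise ValueError("unexpected digest algorithm")
    return alg

def _chunks(s):
    while True:
        (n,) = struct.unpack(">I", s.read(4))
        if n == 0:
            return
        yield s.read(n)

def verify_header_first(s):
    """One pass: hash each chunk as it arrives; returns (ok, largest chunk held)."""
    h = hashlib.new(_read_alg(s))
    peak = 0
    for c in _chunks(s):
        h.update(c)
        peak = max(peak, len(c))
    return hmac.compare_digest(s.read(h.digest_size), h.digest()), peak

def verify_trailer_only(s):
    """Algorithm unknown until the end; returns (ok, total bytes that had to be held)."""
    held = list(_chunks(s))               # nothing can be hashed yet
    h = hashlib.new(_read_alg(s))
    for c in held:                        # the forced second pass
        h.update(c)
    return hmac.compare_digest(s.read(h.digest_size), h.digest()), sum(map(len, held))
```

The second return value is the memory cost: bounded by one chunk in the header-first case, equal to the whole payload in the trailer-only case.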