lokar 10 hours ago

No, I'm pretty sure they are saying you need to transmit it

nightpool 10 hours ago

No, they propose just concatenating it with the data received from the network

> it makes a concatenation of the domain separator (@0x92880d38b74de9fb) and the serialization of the object, and then feeds the byte stream into the signing primitive. Similarly, verification of an object verifies this same reconstructed concatenation against the supplied signature.

> Note that the domain separator does not appear in the eventual serialization (which would waste bytes), since both signer and receiver agree on it via this shared protocol specification. Encrypt, HMAC, and hash work the same way

tennysont 10 hours ago

You are, of course, right. And this distinction is important for this chain of comments.

Though, in fairness, that is /kind of/ like transmitting it---in the sense that it impacts the message that is returned. It's more akin to sending a checksum of the magic number, rather than the magic number itself. But conceptually, that is just an optimization. The desire is for the client to ensure the server is using the same magic number; we just so happen to be able to overload the signature to encode this data without increasing the message size.

lokar 10 hours ago

Oh, it's just in the hash input. So if you don't use the right ID when you check the hash, it fails.

jcalvinowens 10 hours ago

I think not:

> Note that the domain separator does not appear in the eventual serialization (which would waste bytes), since both signer and receiver agree on it via this shared protocol specification.

But saying it's about wasting bytes is a little confusing, as you observe that isn't really the point.

jeffrallen 10 hours ago

It is definitely not transmitted.

Domain separation happens in the input to the hash function, not on the wire. Because what arrives off the wire is UNTRUSTED input.
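
The scheme this thread is discussing, as an added example that is not part of any comment above or of the quoted article's code: the separator is prepended to the MAC input on both sides and never appears on the wire. It assumes HMAC-SHA256 as the primitive and sorted-key JSON as a stand-in serialization; `DOMAIN_B`, the key and the sample object are constructed values.

```python
import hashlib
import hmac
import json
import struct

# Separator quoted in the thread, as a fixed-width 8-byte prefix so the
# boundary between separator and body is unambiguous.
DOMAIN_A = struct.pack(">Q", 0x92880D38B74DE9FB)
# Constructed separator standing in for a different object type.
DOMAIN_B = struct.pack(">Q", 0x0123456789ABCDEF)
KEY = b"constructed-demo-key-not-for-use"


def serialize(obj):
    # Assumption: sorted-key JSON stands in for the real canonical encoding.
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


def sign(key, domain, obj):
    """Return (wire_bytes, tag). The separator is MAC input only."""
    body = serialize(obj)
    tag = hmac.new(key, domain + body, hashlib.sha256).digest()
    return body, tag


def verify(key, domain, wire_bytes, tag):
    """Rebuild domain || body from the receiver's own spec constant."""
    expected = hmac.new(key, domain + wire_bytes, hashlib.sha256).digest()
    return hmac.compare_digest(expected, tag)


def demo():
    wire, tag = sign(KEY, DOMAIN_A, {"amount": 10, "to": "alice"})
    return {
        "separator_on_wire": DOMAIN_A in wire,
        "same_domain": verify(KEY, DOMAIN_A, wire, tag),
        # Same bytes and tag replayed into a context expecting another type.
        "other_domain": verify(KEY, DOMAIN_B, wire, tag),
        # Sender-supplied prefix is untrusted data, not the receiver's constant.
        "prefix_from_wire": verify(KEY, DOMAIN_B, DOMAIN_A + wire, tag),
        "tampered_body": verify(KEY, DOMAIN_A, wire.replace(b"10", b"99"), tag),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```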