Corrections to a note in section 'Ed25519'.

Signed-off-by: Daira Hopwood <daira@jacaranda.org>

protocol/protocol.tex

@@ -7129,15 +7129,19 @@ $\abstBytesEdSpecific\Of{\bytes{P}}$ is computed as follows:
   \item if $x \bmod 2 = \tilde{x}$ then return $(x, y)$ else return $(p - x, y)$.
 \end{formulae}
 
-\pnote{This definition of point decoding differs from that of \cite[section 5.1.2]{RFC-8032}.
-The latter does not allow $\{$ \\
+\pnote{This definition of point decoding differs from that of \cite[section 5.1.3, as corrected by the errata]{RFC-8032}.
+In the latter there is an additional step ``\texttt{If x = 0, and x\_0 = 1, decoding fails.}'',
+which rejects the encodings $\{$ \\
 \scalebox{0.615}[0.7]{
 \begin{tabular}{@{\hspace{1.5em}}l@{}}
 $\hexarray{01,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,80},$ \\
+$\hexarray{ee,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff},$ \\
 $\hexarray{ec,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff}$
 \end{tabular}
 } \\
-$\}$ as encodings for $(0, 1)$ and $(0, -1)$ respectively.}
+$\}$. \\
+In this specification, the first two of these are accepted as encodings of $(0, 1)$, and the third is
+accepted as an encoding of $(0, -1)$.}
 
 \vspace{2ex}
 \EdSpecific is defined as in \cite{BDLSY2012}, using $\EdSpecificHash$ as the internal \hashFunction,
@@ -10612,6 +10616,12 @@ Peter Newell's illustration of the Jubjub bird, from \cite{Carroll1902}.
 \intropart
 \lsection{Change History}{changehistory}
 
+\historyentry{2020.1.10}{2020-07-05}
+\begin{itemize}
+    \item Corrections to a note in \crossref{concreteed25519}.
+\end{itemize}
+
+
 \historyentry{2020.1.9}{2020-07-05}
 \begin{itemize}
     \item Add \crossref{networks}.