@davidben from Chromium has expressed that they don't want to add checks beyond the ones that are already there in their implementation of Ed25519. So, we might want to make the small-order checks optional.

@galadran and @Frosne, since you have expressed the wish for having these checks, would you be OK with making them optional?

(I personally think it's a bit unfortunate that this would abandon the goal of having consistent verification results across all implementations, but I don't see another way of fulfilling everyone's wishes otherwise. Additionally, the implementations that have been shipped so far don't do all the checks, and it's probably best for the spec to reflect reality.)