Allow creating randomized EdDSA signatures? · Issue #28 · WICG/webcrypto-secure-curves · GitHub

Allow creating randomized EdDSA signatures? #28

@twiss

WebKit's implementation of Ed25519, when using macOS's CryptoKit, produces randomized signatures (presumably as per draft-irtf-cfrg-det-sigs-with-noise).

The current specification of EdDSA, in RFC 8032 (which we refer to), defines Ed25519 and Ed448 as being deterministic, making this implementation technically noncompliant (although for most practical purposes it won't make a difference).

@annevk has requested that we refer to draft-irtf-cfrg-det-sigs-with-noise in Web Crypto; however, from my understanding from the CFRG mailing list, there's no clear consensus yet on whether this draft should be published as an RFC. The main disagreement seems to be about whether the definition of "Ed25519" should be changed or a new algorithm, e.g. "rEd25519", should be introduced.
Also, the draft is now expired again :/

So, we could either:

  1. Wait until IETF 121 and see if a consensus arises
  2. Refer to the draft anyway, and revert it if it isn't published as an RFC (however, it's a bit unclear how long we should wait for that)
  3. Refer to "RFC8032 or its successors", such that using the draft becomes legal automatically if it does get published as an RFC (and informally speaking, WebKit could keep its current implementation if it believes that that'll happen).

@Frosne and @davidben (and of course @annevk, @nmahendru and @chris-wood), do you have any opinions?
