I'm developing an app that uses ECDSA for identity management, a steep learning curve wrt best practices. Is it wrong or just bad form to leave a signed message visible or discoverable? The data being signed is hashed (or at least, it will be soon).
Any advice is greatly appreciated, or references to reading material...
Thanks!
