Signing infinite point

[dot-asm]

Signing infinite point in step 2 of the CoreSign procedure is as cryptographically meaningless as having SK==0. For formal completeness it's appropriate to explicitly spell it in one way or another. One way could be to explicitly make it application's problem, i.e. suggest/demand that application specifies how to handle this case (of message hashing to infinity). This implies that infinite [individual] signatures would have to be effectively banned in this draft. Another way is to require that hash_to_point never returns infinity. It's unfeasible to amend draft-irtf-cfrg-hash-to-curve, except maybe allowing to return a fixed precomputed value in case it's about to return infinity? Say generator*h_eff?

[dot-asm]

Since some are not on the watchers list, just in case ping @kwantam, @sergeynog, @hoeteck.