[Cryptography] More efficient and just as secure to sign message hash using Ed25519?

[Allen]

> If you are really worried about future collisions in SHA-512 you can sign an HMAC instead of a simple hash.

I think for my application I'm going to end up signing a short input that consists of the concatenation of (the 512 bit hash of the message || the length of the message || a few small values that in my application tie the message to its context).  In theory, the extra values aren't necessary, but it is a low cost way to harden the algorithm slightly and counter the potential perception that I took a shortcut in implementing the Ed25519 algorithm.