Usually, you don't test 3rd party libs but assume that they test and fix it themselves. But you can still add an integration test
Discussion
yeah, he put it in there for the most frequent operation, verification, the signature is applied by the client after all
but for the case where an application is sending out ephemeral messages at a high volume it matters to ensure it works identically
i'm putting a toggle into it so it can be enabled or disabled, but enable it by default