PKCS-1 block type 02 [RFC2437] (Was: [RFC2313]) to form the "m"
value used in the formulas above.
You need to observe the changes in terminology if you refer to the new
PKCS #1.
The signature packet format is still specified as including "zero or
more subpackets", but the subpacket hints section mentions in passing
that two packets are mandatory.
The notes about backward compatibility don't mention that PGP 2
requires certain formats for some packet types.
I don't think the note
* (Added:) PGP 2.6.X and 5.0 do not trim trailing whitespace from a
"canonical text" signature. They only remove it from cleartext
signatures.
is particularly clear on how to interoperate.
The security notes should mention that only v3 RSA signatures are bound to
the hash algorithm, so that v4/DSA signatures can be forged if any one of
the hash algorithms is broken, even if the signer doesn't use that algorithm.