-----BEGIN PGP SIGNED MESSAGE-----
The specification already mentions precautions in ElGamal
signature handling, and provides a reference.
The original question is still valid, though, and I'd also
be interested in seeing clarification. If the specification
includes ElGamal signatures, it should provide sufficient
definition to achieve interoperability. For other
algorithms, there is a discussion of how the hash is padded
(where applicable) and what the algorithm-specific fields in
the signature should be. One might guess that the same
PKCS-1 padding scheme should be used, and that the MPIs
should be the "r" (=g^k mod p) and "s" (=(h-r*x)/k mod p)
values, in that order. Is that right? Yes, I could use the
GnuPG source as the specification, but that shouldn't be
necessary.
If you want to argue that OpenPGP shouldn't support this
algorithm, and that it should be removed from the
specification entirely, I wouldn't object.
-----BEGIN PGP SIGNATURE-----
Version: PGP Personal Privacy 6.5.3
iQEVAwUBOif2F2NDnIII+QUHAQF+PAf8DkebuHLUbNgHWtZv6r0vDTnnqxjZAEv6
B6UGtwa1llicCQUED+K5kfQDM4O4hi+GDfvrnnEhsmy7j2V2hBPwS0hWm6dnlmQF
I08MGLL6ZikTu6OZwMc9eQi7vlce7ZfWqSQc97T7muhq7oXQu66gYEN3AoaH600L
9xY9BF3NzogIsK74/UYWTFlshjRwtDyh4ycShoEk3CQPYoS0UBgWjxLbZcehup3w
T3plyY8GKD/z9BIakfvubkRp5V2t+onvjFj8pojqjqNSibv8izvuCOkBBePGBt+l
WNkbs97K7XzDNOF1Dh1unhbX6I7ZlBi5fZ+Vebzl3bx3m6eCGKnVPg==
=2FiL
-----END PGP SIGNATURE-----