It has been suggested that our mail/news client offer an option to "fix
up" the Usenet sig separator in clear-signed messages to
newsgroups/mailing lists - the problem being that the "-- " gets stuffed
to "- -- " with the result that recipients' clients will no longer
recognize and strip the personal signature in response messages.
The dash-escaping leads to complaints about clear-signed messages to
some groups and some users have taken to removing the dash-escaping by
hand. Although this breaks RFC2440, (NAI)PGP clients still seem to
correctly "de-escape" the message and verify the PGP signature.
The question is, how do openPGP clients cope with such messages and what
do other client vendors think about this? Since [open]PGP clients only
need to be able to correctly parse nested ASCII-armored header lines,
and these all begin with five hyphens, it would be possible to make an
exception for lines such as "-- " when doing the dash-escaping.
Munging the "- -- " back to "-- " does seem to yield benefits in inter-
operability (for the sig-sep convention) and acceptability of PGP-signed
messages, but it is important that it doesn't break inter-operability
between PGP clients.
Should RFC2440bis be updated to mention this? Do any existing clients
fall over by spotting that some lines are escaped at the "wrong" depth?
--
Ian Bell T U R N P I K E