On Friday, Mar 7, 2003, at 20:53 US/Eastern, Adam Back wrote:
See Michael Young's example: doing so breaks existing otherwise
compliant implementations.
They probably can be fixed. And since OpenPGP isn't a finished standard
yet this might be less of a problem in practice than it appears on
paper.
'From ' is pretty much the only thing interesting to protect in an
email message, as it is a separator between email messages.
It is also a protocol-specific hack. I strongly support simpler
solutions if they achieve the same purpose. Allowing arbitrary lines to
be escaped is simpler. OpenPGP too complex as-is.
The '-' escape was just a way to protect nested signatures etc to
avoid confusing the parser of the outer signatures.
The rule's been that way since at least 1992, and I haven't seen any
new chars needing quoting. So it's survived the test of time.
That doesn't mean that a simpler rule isn't a better idea. In fact,
ever since 1992, PGP has allowed for arbitrary lines to be escaped. So
one could argue that the current OpenPGP standard is too restrictive.
At the very least we can argue that the OpenPGP way of defining
escaping isn't sufficiently obvious that PGP get it wrong.
Cheers,
-J