On Friday, Mar 7, 2003, at 20:40 US/Eastern, David Shaw wrote:
On Fri, Mar 07, 2003 at 02:27:57PM -0500, Michael Young wrote:
- > ... A sentence saying something like "Any
- > other line MAY be dash-escaped as well at the discretion of the
- > sender" would be very helpful here.
-
- Sounds good, but as David points out, this may break existing
receivers.
- See if yours can verify this. (PGP6.5.3 silently accepts it.
- GnuPG1.2.1 emits warnings on each line; it cannot verify this
- signature, but if I remove the blank input line above, it can.)
The point is that future receivers will know that such a thing is
possible. They still don't have to support it - it's a MAY.
Erm, not the way I read it. A compliant implementation MAY generate
arbitrary dash escapes at the sender's discretion. A compliant receiver
MUST thus be able to handle this as it is a valid OpenPGP message. You
can't expect the sender to perform a capability check with the receiver
before sending the message.
In any case, I'd like to make sure that if we allow the sending of
arbitrary dash-escapes we also REQUIRE clients to be able to handle
this. Otherwise we are introducing yet another complication in an
already overly complex protocol. Even the x86 instruction set looks
clean compared to the current OpenPGP spec. (And, yes, that is a vote
against v3 support.)
Come to think of it, in good PGP tradition, we could REQUIRE acceptance
now and add MAY arbitrarily escape in a year or so ;)
It's hard to support something before it has been documented ;)
That definitely is true. But OpenPGP kinda documents the pre-existing
PGP. And it seems that the GnuPG people did test their implementation
against PGP which prompted allowing arbitrary escapes, albeit with a
warning.
Cheers,
-J