David Shaw wrote (back in Feb):
1) 2440 says of the canonical text signature (sigclass 0x01):
The signature is calculated over the text data with its line
endings converted to <CR><LF> and trailing blanks removed.
This is different than what every version of PGP though 8 does.
These implementations do the <CR><LF> line endings, but do not
remove trailing blanks (essentially PGP 2.x behavior).
We've discussed his issue 2) elsewhere. Issue 1) remains,
if I'm not mistaken. Any comments?
Myself, I'm minded to say it should be either:
i. there should be no trimming, as the binary
(as opposed to cleartext) signature form
implies careful handling (mime/zip) and
thus special care is less needed,
ii. it should be the same as the cleartext
signature method, for less confusion.
(Unfortunately, both these require a compatibility
I personally am not fussed, but I concur with David's
original request, that it be nailed down so that we
can move forward and have the implementations match.