David Shaw wrote:
Can you give an example of why you feel this is a bug?
I think it is a bug if we decide that the
process of cleartext signing is reversable.
So, if the process of verification creates
a file that is the pre-signed version, then
it has to decide whether the final CRLF has
to be preserved or stripped in the unsigned
output.
So, does this output as a line terminated
string or as an unterminated string? :
-----BEGIN PGP SIGNED MESSAGE-----
my signed text
-----BEGIN PGP SIGNATURE-----
xxxxx
-----END PGP SIGNATURE-----
Now, if we decide that the process of signing
is not one that is deterministically reversable,
it is not an issue. In practice, verification
is possibly all we need - and we have that.
(I have been unable to convince myself that we
need reversibility - I can't think of a case
where I would want it... but that's just me!)
iang