ietf-openpgp

Re: Bad Armour Headers

2006-01-06 14:23:16

On Fri, Jan 06, 2006 at 02:12:58PM +0100, Werner Koch wrote:

> Frankly, I believe that all headers except for Hash are not very
> useful.  People are often bemused if you tell them that they should
> use sed to fix or add armor header lines.  I am pretty sure many of
> them believe that the armor header lines are part of the signed text
> which does not wonder me because a line just above says "begin pgp
> signed message" and not "pgp signed messages begins after the next
> blank line".

That is precisely why I think that headers should not be displayed when
reporting on successful verification, but that's just a "best practice" and
has little bearing on the standard.

Otherwise, I agree with you that cleartext signed messages are least
ambiguous with just Hash headers and nothing else before the clearsigned
content. Maybe we should consider disallowing everything else? After all,
version information and other stuff can go to the armor header of the
signature. Placing headers before the actual clearsigned content is
confusing, indeed. I don't think that many implementations use this
"feature", so by disallowing it, we might not break anything. What do you
think?

-- 
Daniel
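
The layout discussed in this thread, as an added example that is not part of the original message or of any OpenPGP implementation: Python that separates the armor header lines (not covered by the signature) from the text after the first blank line (covered), and lists every header other than Hash. The function names and the sample message are constructed for illustration, and a whitespace-only line is assumed to count as the blank separator.

```python
BEGIN_MSG = "-----BEGIN PGP SIGNED MESSAGE-----"
BEGIN_SIG = "-----BEGIN PGP SIGNATURE-----"

# Constructed sample; the signature block is a placeholder, not real data.
SAMPLE = "\n".join([
    BEGIN_MSG,
    "Hash: SHA1",
    "Comment: this line is not covered by the signature",
    "",
    "Release 1.2 is tagged.",
    "- -- ",
    "Daniel",
    BEGIN_SIG,
    "",
    "(placeholder)",
    "-----END PGP SIGNATURE-----",
])

def split_clearsigned(text):
    """Return (headers, signed_lines) for one cleartext-signed message."""
    lines = text.splitlines()
    try:
        start = lines.index(BEGIN_MSG)
        sig = lines.index(BEGIN_SIG, start)
    except ValueError:
        raise ValueError("not a cleartext-signed message")
    headers = []
    i = start + 1
    # Everything up to the first blank line is an armor header, not signed text.
    while i < sig and lines[i].strip() != "":
        key, sep, value = lines[i].partition(": ")
        if not sep:
            raise ValueError(f"malformed armor header: {lines[i]!r}")
        headers.append((key, value))
        i += 1
    if i >= sig:
        raise ValueError("no blank line between headers and signed text")
    # Undo dash-escaping ("- " prefix) to recover the lines that were signed.
    signed = [l[2:] if l.startswith("- ") else l for l in lines[i + 1:sig]]
    return headers, signed

def unsigned_headers(text):
    """Headers other than Hash: shown to the reader but never signed."""
    headers, _ = split_clearsigned(text)
    return [(k, v) for k, v in headers if k != "Hash"]
```

A verifier front end could run `unsigned_headers` before display and either suppress those lines or mark them as unsigned when it reports a good signature.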
