"brian m. carlson" <sand...@crustytoothpaste.net> writes:
> On Tue, Apr 10, 2018 at 04:24:27AM -0400, Eric Sunshine wrote:
>> How confident are we that _all_ possible signing programs will conform
>> to the "-----BEGIN %s-----" pattern? If we're not confident, then
>> perhaps the user should be providing the full string here, not just
>> the '%s' part?
> This is not likely to be true of other signing schemes. In fact, other
> than OpenPGP, PEM, and CMS (S/MIME), this is probably not true at all.
That argues more strongly that we would regret unless we make the
end-user configuration to at least the whole string (which later can
be promoted to "a pattern that matches the whole string"), not just
the part after mandatory "-----BEGIN ", methinks.