have been away for a while, and did not have a chance to respond to the discussion about the comment and version fields

(and yes, i agree that the proper place would be the ietf wg but they are currently involved in trying to get the rfc revision through, and might not want to consider other issues at this time)

just wanted to point out that the 'comment' line doesn't need to have the word 'Comment:', it only needs to have a ':'

so the following can be inserted instead of or in addition to, the 'comment' and 'version' lines,

GNUPG WARNING: This signing key has been reported to be compromised

the signature would still verify, but this could potentially be misleading to people just starting out with gnupg

maybe, even though it is not strictly necessary, it would certainly be helpful, if a short statement could be included into the gnupg documentation saying something like:

"
In a clearsigned message, the only part that is authenticated is the text of the message.

This is the part in between the dashed lines,

-----BEGIN PGP SIGNED MESSAGE-----
and
-----BEGIN PGP SIGNATURE-----

Any insertions between the line,
-----BEGIN PGP SIGNATURE-----
and the signature block itself, are *NOT* authenticated, and may be altered without affecting the verification.

If there is any question about such insertions, please check them with the sender.
"

the above is only a 'suggested text', and could probably be improved on,

because of backward compatibility, it is unlikely that the comment/version/ etc. lines could now be changed to be part of the authenticated material, so the most practical thing might be just a small explanatory note in the user manual.

vedaal

_______________________________________________
Gnupg-users mailing list
[EMAIL PROTECTED]
http://lists.gnupg.org/mailman/listinfo/gnupg-users
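
The split described in the message above, as an added example that is not part of the original post and is not GnuPG code: it separates the signed text of a clearsigned message from the lines after -----BEGIN PGP SIGNATURE----- that no signature covers, so a reader or mail filter can display them as unverified. The function name and the sample message (with placeholder signature data) are constructed for illustration; verifying the signature itself is still gpg's job.

```python
BEGIN_MSG = "-----BEGIN PGP SIGNED MESSAGE-----"
BEGIN_SIG = "-----BEGIN PGP SIGNATURE-----"
END_SIG = "-----END PGP SIGNATURE-----"


def split_clearsigned(text):
    """Return (signed_lines, unauthenticated_lines) for a clearsigned message.

    signed_lines: the text the signature covers, with dash-escaping removed.
    unauthenticated_lines: every line between BEGIN PGP SIGNATURE and the
    blank line that precedes the base64 signature data.
    """
    lines = [ln.rstrip("\r") for ln in text.split("\n")]

    def next_blank(pos):
        # Index of the first empty (or whitespace-only) line after pos.
        return next(i for i in range(pos + 1, len(lines)) if not lines[i].strip())

    try:
        start = lines.index(BEGIN_MSG)
        body = next_blank(start) + 1        # blank line ends the "Hash:" headers
        sig = lines.index(BEGIN_SIG, body)  # body copies are dash-escaped
        blank = next_blank(sig)
        lines.index(END_SIG, blank)         # the armor must be closed
    except (ValueError, StopIteration):
        raise ValueError("not a well-formed clearsigned message") from None
    signed = [ln[2:] if ln.startswith("- ") else ln for ln in lines[body:sig]]
    return signed, lines[sig + 1:blank]


# Constructed sample: the signature data is a placeholder, not a real signature.
SAMPLE = """\
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Meeting moved to Tuesday.
- -- end of message
-----BEGIN PGP SIGNATURE-----
Version: (constructed)
Comment: constructed sample
GNUPG WARNING: This signing key has been reported to be compromised

PLACEHOLDER+NOT+A+REAL+SIGNATURE==
=AAAA
-----END PGP SIGNATURE-----
"""

if __name__ == "__main__":
    signed, unverified = split_clearsigned(SAMPLE)
    print("Covered by the signature:")
    print("\n".join("  " + ln for ln in signed))
    print("NOT covered by the signature (display as unverified):")
    print("\n".join("  " + ln for ln in unverified))
```
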
