Re: Dash-escaping clarification

[David Shaw <dshaw@xxxxxxxxxxxxxxx>]

On Fri, Mar 07, 2003 at 09:41:02PM -0500, Jeroen C. van Gelderen wrote:
> 
> On Friday, Mar 7, 2003, at 20:40 US/Eastern, David Shaw wrote:
> 
> >
> >On Fri, Mar 07, 2003 at 02:27:57PM -0500, Michael Young wrote:
> >
> >>- > ... A sentence saying something like "Any
> >>- > other line MAY be dash-escaped as well at the discretion of the
> >>- > sender" would be very helpful here.
> >>-
> >>- Sounds good, but as David points out, this may break existing 
> >>receivers.
> >>- See if yours can verify this.  (PGP6.5.3 silently accepts it.
> >>- GnuPG1.2.1 emits warnings on each line; it cannot verify this
> >>- signature, but if I remove the blank input line above, it can.)
> >
> >The point is that future receivers will know that such a thing is
> >possible.  They still don't have to support it - it's a MAY.
> 
> Erm, not the way I read it. A compliant implementation MAY generate 
> arbitrary dash escapes at the sender's discretion. A compliant receiver 
> MUST thus be able to handle this as it is a valid OpenPGP message. You 
> can't expect the sender to perform a capability check with the receiver 
> before sending the message.

Sorry, my error.  You are completely right.

> >It's hard to support something before it has been documented ;)
> 
> That definitely is true. But OpenPGP kinda documents the pre-existing 
> PGP. And it seems that the GnuPG people did test their implementation 
> against PGP which prompted allowing arbitrary escapes, albeit with a 
> warning.

Exactly.  There happens to be a minor detail of the GnuPG code so that
blank lines that are escaped are not accepted (i.e. a line with only
"- "), but that is easily remedied.

David