not-dash-escaped option ?

Werner Koch wk@gnupg.org
Tue Oct 30 15:28:01 2001 

On Tue, 30 Oct 2001 08:20:23 -0500, "Toxik  said:

> The Man page explanation mentions one of the "advantages" of having dashes
> escaped, not the real reason. And if you use the option in GPG, then the
> "NotDashEscaped: You need GnuPG to verify this message" is included in the
> signed message, hardly a better explanation.

It quite often happens that one quotes a PGP cleartext signed message
in which case a signature of the outer message would break at the
  "-----END PGP SIGNATURE-----" line, although this is the one from
the quoted message.  To prevent this the simple rule of dash escaping
every line which begins with a dash is used.  

> Although it's a detail, it is rather unlogical to expect regular users to
> put up with this kind of modification of an original message, and

A MUA can pass a message through gpg which will strip the dash
escaped text, put gpg might not be installed of a user does not want
to check every signature.  Simply removing the dash escaped text is a
3 liner for a MUA and gives some comfort.

> integrity of a message. Is OpenPGP capable of evolving towards a version
> that would better suit "everyday users" of this technology ? How can OpenPGP

Use OpenPGP-MIME, this is the recommended way to create signatures,
actually it is a SHOULD in OpenPGP.

> advocate for a standard where a single "-" will break the parser ?

It does not break anything but patch is simply not able to handle this
- and you can't expect pacth to be aware of all kinds of strange encodings.

> Would it be possible for the MAN page of GPG to be updated to reflect this,
> instead of the (unix/patch files)-centric view of its usage ?

This feature is *only* useful for patch files - and it assumes such a semantic.

> I'd like to submit this as a comment to the RFC. Does anyone here know how
> to go about this ? I took a look at rfc-editor.org but didn't find any

You have to write to the OpenPGP WG - but there is no reason to do
this because we won't and can't change the specification for dash
escaped text.  And there is no need to add a implementation specific
feature to an RFC.

Ciao,

  Werner

-- 
Werner Koch        Omnis enim res, quae dando non deficit, dum habetur
g10 Code GmbH      et non datur, nondum habetur, quomodo habenda est.
Privacy Solutions                                        -- Augustinus