My public key, for those wanting to check the sig on the message below: -----BEGIN PGP PUBLIC KEY BLOCK----- mQCNAiqsNkwAAAEEAMKWM52m5EWi0ocK4u1cC2PPyHT6tavk9PC3TB5XBYDegf3d sldRpnjJj1r+aO08FFO+QLEI9wtBqvf1PPP5iLX7sD2uIVlJH14MPtyVtjm9ZKb8 JMtCW74045BgtHBC9yQ3V7vXNV5jM6dE2ocnH4AI/pBFrGLJPKgTA69YIUw3AAUR tCZIYWwgRmlubmV5IDw3NDA3Ni4xMDQxQGNvbXB1c2VydmUuY29tPokAlQIFECqu M1Tidd4O/2f3CwEByrUD/3uoV2y+Fuicrrd2oDawgOw9Ejcx6E+Ty9PVPqKvflLs 0zYyGfeFVSgBbTSDP3X91N3F68nydl9J9VA6QRCGelHM1cZRukCJ0AYbKYfpwUN0 xjEGHsDrd2gT5iWlB3vBZvi+6Ybs4rSq+gyZzVm1/+oRrMen32fz2r0CLgUtHok2 =fF6Z -----END PGP PUBLIC KEY BLOCK----- -----BEGIN PGP SIGNED MESSAGE----- Phil Karn asks about end-of-line conventions for signed text messages. PGP uses the convention of lines terminated by carriage-return-line-feed. On Unix systems or other systems which don't use that convention, it attempts to change the message into this "canonical" text mode before calculating or checking the signature. The issue of trailing blanks is more problematical. Some mail gateways and some mail "user agent" software apparently take liberties with blanks at the end of lines. The PGP canonical text format does not include any specification for whether lines could or could not have blanks at the end. If mailers will leave trailing blanks alone, then PGP cleartext signed messages will have correct signatures. If some intervening mailer has added or removed trailing blanks, then the signatures will be wrong. Presumably something like this has happened to my signed message on which Edgar found a bad signature. Perhaps Edgar could try stripping any trailing blanks from his copy of my message and see if it then signature-checks OK. I'll double-check that this message is signed with no trailing blanks. Then if you get a bad signature, I predict that you must have trailing blanks in your copy of the file. I'd appreciate hearing whether this prediction is correct. It would be possible to change PGP's canonical text format to specify that lines have no blanks at the end. In that case, PGP would, whenever it computed or checked a signature on a text file, process the file to make sure that each line ended with a CRLF preceded by no trailing blanks. I think this would solve a lot of the gateway problems. But it would be a somewhat more "aggressive" change to what the user is asking PGP to sign. The design of PGP's cleartext signature was influenced by PEM, which also uses a canonical text format for line terminators, but doesn't deal with trailing spaces, as far as I know. The real solution, IMO, is to fix those broken mailers that add or remove spaces. I don't see why this behavior has ever been put into mail gateways. Hal Finney 74076.1041@compuserve.com -----BEGIN PGP SIGNATURE----- Version: 2.1 iQCVAgUBKzfNHqgTA69YIUw3AQGNdwP/Q51Lvmee1cTb865aInePsRxMTe4qfjeU DSP8o5hHlBKbII8mCrU/WHZ7upjO3ak4E6wZDyOexsfJFH4FIMnDueihrVVXevlA FWUQopZIyG4P5Wzofgra8BSjw5WzVZncW2alPQFuB40D9N9VgyopX8IktktVPs4p qDkHsn9zIpU= =K/Ui -----END PGP SIGNATURE----- Distribution: CYPHERPUNKS >INTERNET:CYPHERPUNKS@TOAD.COM