-----BEGIN PGP SIGNED MESSAGE----- I was glad to read Hal's comments of Jan 2 about sig suppression and his anecdote about trying to chain the penet and pax remailers. I was not aware til now that the penet sig test was any line which *starts with* "--". A more appropriate test would be any line *consisting of only* "--" (exactly two dashes). Do you know if the pax sig test is the same as penet's? I can't imagine any solution to your problem which does not involve changing either the remailer (tighter sig test) or PGP (recognize either ----- or - --- as starting a PGP message or key delimiter). The best solution so far appears to be Miron Cuperman's remailer which is similar to (based on) the cypherpunks remailer, but *requires* encrypted input and does not remail any unencrypted text which might preceed or follow the encrypted text. But some modification of Miron's remailer to process trailing plaintext seems to be necessary for ARA. I hope it will include some recognition of a well-defined unambiguous text delimiter such as - -----END OF MESSAGE BODY----- which will screen out any following text. John Gilmore commented on my request for sig suppression: Remove the file ".signature" from your home directory and you'll be done with *that* hassle. Well, my home directory doesn't *have" a ".signature" file! This is an MS-DOS based WAFFLE BBS. All the sigs on this system look the same so I suspect that they are made up from the user directory and some file outside my home directory. I am led to believe from the user doc that if I *create* a file "sig" or "mailsig" (no dots) in my home directory this may affect the auto sig produced, but I haven't had a chance to try it yet. My fear is that if I produce a null sig file that the "--" will still appear, making it obvious that the auto sig is nulled. If this "--" appears at the same time on both my regular and anonymous messages, people who see both may put two and two together. John: PS: An extra credit note for the differently clued among us: Suppose you wanted to have a *different* signature for each of your multiple identities? I guess the remailers had better not strip off signatures, eh? Since I make up my outgoing mail offline, I would prefer to copy in the correct sig corresponding to each message identity. That way I can see that the correct sig is matched with the correct msg in each case. I can easily avoid remailer stripping by using a delimiter like "**" instead of "--". As I said in a previous msg, the problem with auto sigs is reliably switching them as you send out (with an automatic script) messages from your different ID's. Since getting the wrong sig on the wrong msg could result in jail, under some circumstances, I consider this a serious problem. An "anonymous" remailer which allows a user to lose his anonymity through a simple lapse (forgetting about the auto sig) is one too dangerous for me to use. In another msg, John Gilmore delivers a long harangue about "Why mailers should not touch the body". I agree with the above phrase if we differentiate "mailers", which are necessary for the generation and forwarding of all mail, from "anonymous remailers", which have to be specifically requested by the message sender, and whose only purpose is to obscure the message origin. Since the automatic signature often reveals the message origin, it's quite compatible with the mission of an anonymous remailer to remove it. John doesn't want PGP changed to eliminate trailing blanks on signed plaintext. (Which I think would fix about 90+% of current problems verifying sigs). He wants us all to suffer until all the mailers in the world are fixed to pass 8-bit binary. Well, I won't hold my breath for that. I think UUENCODE and PGP armored form are going to be around a long time. I prefer a more pragmatic approach that will give more immediate relief. -----BEGIN PGP SIGNATURE----- Version: 2.1 iQCVAgUBK0rOvt4nNf3ah8DHAQGBrQP+I9DKzknWE6sNTmYeSga3tQWv2IrHQPyc hnqgXXqwq6GRvOUvGXqHdig9jfXbatYh7uYuMqn61xP9409JXnNJZ7QQuB9vSNdz K5gvCKksPKjJoxAb5miDJvf61bS3N/bavl8gHM80DaRxv0n5UlzymLAvurZrL2qR ZxgCWhz9P3o= =CAUz -----END PGP SIGNATURE----- -- edgar@spectrx.saigon.com (Edgar W. Swank) SPECTROX SYSTEMS +1.408.252.1005 Silicon Valley, Ca