On 12/30/25 03:47, Werner Koch wrote: > On Tue, 30 Dec 2025 00:34, Jacob Bachmeyer said: > >> structure, or is this basically an unfixable problem? Could GPG >> perform such validation steps and emit a warning if a clearsigned >> message does not strictly conform? > > It does. The thing here is that you need to known what has been signed. > The only way to do this is to let gpg give you the signed and unescaped) > data (with --output FILE). Actually we have the same problem with MIME > when forwarding a mail. Not all MUAs correctly mark which parts are > signed by which signature.
What about for detached signatures? -- Sincerely, Demi Marie Obenour (she/her/hers)
OpenPGP_0xB288B55FFF9C22C1.asc
Description: OpenPGP public key
OpenPGP_signature.asc
Description: OpenPGP digital signature
