Hi!

After the release of gnupg 1.4.0 a lot of people complained that they
were not able to verify my signature anymore.  The reason for this is
due to a change in OpenPGP and thus gpg to not strip trailing white
spaces anymore for signing.  PGP/MIME (rfc 3156) defines rules on how
to protect against this problem (most PGG and OpenPGP implementations
did it differently in the past) but these rules are not follwed by
mml2015.  In particular, rfc 3156 states:

   Additionally, implementations MUST make sure that no trailing
   whitespace is present after the MIME encoding has been applied.

the example given also states:

      & Also, in some cases it might be desirable to encode any   =20
      & trailing whitespace that occurs on lines in order to ensure  =20
      & that the message signature is not invalidated when passing =20
      & a gateway that modifies such whitespace (like BITNET). =20

This message is signed and the "-- " before the signature lines should
have been send as "--=20".  I suggest to convert the last of a run of
trailing spaces to QP.  My Gnus version is v5.10.6.


Shalom-Salam,

   Werner

-- 
Werner Koch                                      <wk@gnupg.org>
The GnuPG Experts                                http://g10code.com
Free Software Foundation Europe                  http://fsfeurope.org