"brian m. carlson" <sandals@xxxxxxxxxxxxxxxxxxxx> writes: > On Tue, Apr 10, 2018 at 04:24:27AM -0400, Eric Sunshine wrote: >> How confident are we that _all_ possible signing programs will conform >> to the "-----BEGIN %s-----" pattern? If we're not confident, then >> perhaps the user should be providing the full string here, not just >> the '%s' part? > > This is not likely to be true of other signing schemes. In fact, other > than OpenPGP, PEM, and CMS (S/MIME), this is probably not true at all. Hmph. That argues more strongly that we would regret unless we make the end-user configuration to at least the whole string (which later can be promoted to "a pattern that matches the whole string"), not just the part after mandatory "-----BEGIN ", methinks.
