* gpg.sgml: Note that --throw-keyid is --throw-keyids. Note changes in

--pgp8.  Rephrase the "don't play algorithm games" warning now that PGP
has blowfish, zlib, and bzip2.

doc/ChangeLog

@@ -1,3 +1,9 @@
+2004-09-14  David Shaw  <dshaw@jabberwocky.com>
+
+	* gpg.sgml: Note that --throw-keyid is --throw-keyids.  Note
+	changes in --pgp8.  Rephrase the "don't play algorithm games"
+	warning now that PGP has blowfish, zlib, and bzip2.
+
 2004-08-07  David Shaw  <dshaw@jabberwocky.com>
 
 	* gpg.sgml: Remove show-long-keyids since it is replaced by

doc/gpg.sgml

@@ -1986,18 +1986,14 @@ disables this option.
 </para></listitem></varlistentry>
 
 <varlistentry>
-<term>--throw-keyid</term>
+<term>--throw-keyids</term>
+<term>--no-throw-keyids</term>
 <listitem><para>
-Do not put the keyids into encrypted packets.  This option hides the
+Do not put the recipient keyid into encrypted packets.  This option
-receiver of the message and is a countermeasure against traffic
+hides the receiver of the message and is a countermeasure against
-analysis.  It may slow down the decryption process because all
+traffic analysis.  It may slow down the decryption process because all
-available secret keys are tried.
+available secret keys are tried.  --no-throw-keyids disables this
-</para></listitem></varlistentry>
+option.
-
-<varlistentry>
-<term>--no-throw-keyid</term>
-<listitem><para>
-Resets the --throw-keyid option.
 </para></listitem></varlistentry>
 
 <varlistentry>
@@ -2012,7 +2008,6 @@ line, patch files don't have this. A special armor header
 line tells GnuPG about this cleartext signature option.
 </para></listitem></varlistentry>
 
-
 <varlistentry>
 <term>--escape-from-lines</term>
 <term>--no-escape-from-lines</term>
@@ -2128,7 +2123,7 @@ Set up all options to be as PGP 6 compliant as possible.  This
 restricts you to the ciphers IDEA (if the IDEA plugin is installed),
 3DES, and CAST5, the hashes MD5, SHA1 and RIPEMD160, and the
 compression algorithms none and ZIP.  This also disables
---throw-keyid, and making signatures with signing subkeys as PGP 6
+--throw-keyids, and making signatures with signing subkeys as PGP 6
 does not understand signatures made by signing subkeys.
 </para><para>
 This option implies `--disable-mdc --no-sk-comment --escape-from-lines
@@ -2149,9 +2144,8 @@ TWOFISH.
 <listitem><para>
 Set up all options to be as PGP 8 compliant as possible.  PGP 8 is a
 lot closer to the OpenPGP standard than previous versions of PGP, so
-all this does is disable --throw-keyid and set --escape-from-lines.
+all this does is disable --throw-keyids and set --escape-from-lines.
-The allowed algorithms list is the same as --pgp7 with the addition of
+All algorithms are allowed except for the SHA384 and SHA512 digests.
-the SHA-256 digest algorithm.
 </para></listitem></varlistentry>
 
 </variablelist></para></listitem></varlistentry>
@@ -2481,10 +2475,11 @@ This is an obsolete option and is not used anywhere.
 <varlistentry>
 <term>--try-all-secrets</term>
 <listitem><para>
-Don't look at the key ID as stored in the message but try all secret keys in
+Don't look at the key ID as stored in the message but try all secret
-turn to find the right decryption key.	This option forces the behaviour as
+keys in turn to find the right decryption key. This option forces the
-used by anonymous recipients (created by using --throw-keyid) and might come
+behaviour as used by anonymous recipients (created by using
-handy in case where an encrypted message contains a bogus key ID.
+--throw-keyids) and might come handy in case where an encrypted
+message contains a bogus key ID.
 </para></listitem></varlistentry>
 
 <varlistentry>
@@ -2860,8 +2855,8 @@ is *very* easy to spy out your passphrase!
 </para>
 <para>
 If you are going to verify detached signatures, make sure that the
-program knows about it; either be giving both filenames on the
+program knows about it; either give both filenames on the command line
-command line or using <literal>-</literal> to specify stdin.
+or use <literal>-</literal> to specify stdin.
 </para>
 </refsect1>
 
@@ -2869,8 +2864,8 @@ command line or using <literal>-</literal> to specify stdin.
     <title>INTEROPERABILITY WITH OTHER OPENPGP PROGRAMS</title>
 <para>
 GnuPG tries to be a very flexible implementation of the OpenPGP
-standard.  In particular, GnuPG implements many of the "optional"
+standard.  In particular, GnuPG implements many of the optional parts
-parts of the standard, such as the RIPEMD/160 hash, and the ZLIB
+of the standard, such as the SHA-512 hash, and the ZLIB and BZIP2
 compression algorithms.  It is important to be aware that not all
 OpenPGP programs implement these optional algorithms and that by
 forcing their use via the --cipher-algo, --digest-algo,
@@ -2880,14 +2875,15 @@ cannot be read by the intended recipient.
 </para>
 
 <para>
-For example, as of this writing, no (unhacked) version of PGP supports
+There are dozens of variations of OpenPGP programs available, and each
-the BLOWFISH cipher algorithm.  If you use it, no PGP user will be
+supports a slightly different subset of these optional algorithms.
-able to decrypt your message.  The same thing applies to the ZLIB
+For example, until recently, no (unhacked) version of PGP supported
-compression algorithm.  By default, GnuPG uses the standard OpenPGP
+the BLOWFISH cipher algorithm.  A message using BLOWFISH simply could
-preferences system that will always do the right thing and create
+not be read by a PGP user.  By default, GnuPG uses the standard
-messages that are usable by all recipients, regardless of which
+OpenPGP preferences system that will always do the right thing and
-OpenPGP program they use.  Only override this safe default if you know
+create messages that are usable by all recipients, regardless of which
-what you are doing.
+OpenPGP program they use.  Only override this safe default if you
+really know what you are doing.
 </para>
 
 <para>