keybase / saltpack

a modern crypto messaging format
https://saltpack.org/
BSD 3-Clause "New" or "Revised" License

clear-signing format? #30

Closed npdoty closed 7 years ago

npdoty commented 7 years ago

With PGP, I can clear-sign, so that the text of my message is available in plaintext, but armored with the signature. That way, if you have PGP, you can paste the whole thing into a verify command and confirm it, and if you don't have PGP, at least you as a human can read what I was trying to say.

Saltpack's detached signature format means it's possible to separate the signature from the plain text, but there's no convenient format to send both the message and the detached signature in a single text block. For example, everyone posting Saltpack signed messages to Mastodon right now to identify themselves is posting a message that humans can't read, even though the messages aren't encrypted. It might be that lacking this functionality is intentional (perhaps to discourage https://xkcd.com/1181/) but that wasn't clear from the docs.

oconnor663 commented 7 years ago

One of the main design goals of the saltpack armor format is that you should be able to paste a message anywhere (Facebook, Reddit, whatever), and have it keep working and look reasonable. Unfortunately that property is almost impossible with clearsigning. It's very common for websites these days to interpret characters like * and _ as markup and strip them out, which means any cleartext message containing those characters will be broken when you try to verify it.
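An added example (not saltpack's own code) that demonstrates the point in oconnor663's comment: a clearsigned block stops verifying once a site strips `*` and `_`, while a fully armored block over an alphanumeric alphabet survives the same treatment. It assumes an HMAC as a stand-in for the detached signature, a simplified whole-number base62 rather than saltpack's block-wise armor, and a constructed sanitizer in place of a real website.

```python
import hashlib
import hmac
import re

# Constructed key; HMAC stands in for a detached signature so this runs on the
# stdlib alone. The question shown is whether signed bytes survive site markup.
KEY = b"constructed-demo-key"
ALPHABET = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"

def sign(message: bytes) -> bytes:
    return hmac.new(KEY, message, hashlib.sha256).digest()
def verify(message: bytes, sig: bytes) -> bool:
    return hmac.compare_digest(sign(message), sig)

def base62_encode(data: bytes) -> str:
    """Simplified whole-number base62 (not saltpack's block armor), markup-safe."""
    n, out = int.from_bytes(data, "big"), ""
    while n:
        n, r = divmod(n, 62)
        out = ALPHABET[r] + out
    zeros = len(data) - len(data.lstrip(b"\x00"))  # keep leading NUL bytes
    return ALPHABET[0] * zeros + out

def base62_decode(text: str) -> bytes:
    n = 0
    for ch in text:
        n = n * 62 + ALPHABET.index(ch)
    zeros = len(text) - len(text.lstrip(ALPHABET[0]))
    return b"\x00" * zeros + n.to_bytes((n.bit_length() + 7) // 8, "big")

def sanitize_like_a_website(text: str) -> str:
    """Constructed stand-in for a site that treats * and _ as markup."""
    return re.sub(r"[*_]", "", text)

def clearsign_block(message: str) -> str:
    """Hypothetical clearsign layout: readable text, then the armored signature."""
    return message + "\n--sig--\n" + base62_encode(sign(message.encode()))

def verify_clearsign_block(block: str) -> bool:
    text, _, sig = block.rpartition("\n--sig--\n")
    return verify(text.encode(), base62_decode(sig))

def armor_block(message: str) -> str:
    """Message and signature both armored: only alphanumerics and '.' ship."""
    return base62_encode(message.encode()) + "." + base62_encode(sign(message.encode()))

def verify_armor_block(block: str):
    """Recovered message on success, None if the signature does not verify."""
    body, _, sig = block.partition(".")
    raw = base62_decode(body)
    return raw.decode() if verify(raw, base62_decode(sig)) else None
```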