More strongly deprecate the Cleartext Signature Framework, and require rejecting misleading CSF messages
Give an example of a misleading CSF message, and discourage their use.
Also, require rejecting CSF messages with misleading Hash
headers.
Edited by Daniel Huigens