`sqopv verify` "verifies" a CSF message as though it were SIGNATURES

sop verify is meant to verify detached signatures. That is, it compares a text or binary data against a SIGNATURES object, with reference to a set of acceptable signers.

sqop (and sqopv) are both willing to treat a message using the cleartext signature framework ("CSF Message") as a SIGNATURES object in this case. I don't think it should do that, because it is effectively confusing the type of object it receives with the type that it expects (see also §11.4. Type safety matters even in the shell!

Below is a transcript that demonstrates the concern. every command in it succeeds, but I think the final command (sqop verify) should have failed.

0 dkg@bob:~$ sqop version --extended
sqop 0.36.0
sop-rs 0.8.0
Nettle 3.10 (Cv448: true, OCB: true)
Sequoia 1.21.2
0 dkg@bob:~$ sqop generate-key > test.key
0 dkg@bob:~$ sqop extract-cert < test.key > test.cert
0 dkg@bob:~$ echo test | sqop inline-sign --as=clearsigned test.key > test.csf.msg
0 dkg@bob:~$ sqop inline-verify test.cert < test.csf.msg
test
0 dkg@bob:~$ echo test | sqop verify test.csf.msg test.cert
2024-12-04T20:22:46Z 6B34A918E6600385B94F475FF0CBE91CA5F92939 5A5DB4A8640CBC762368A78F5135611A905F3E17 mode:text {"signers":["test.cert"]}
0 dkg@bob:~$