OK reading http://www.blooberry.com/indexdot/html/topics/urlencoding.htm one of the issues url-encoding is trying to deal with is shell's getting confused with shell special chars encoded in urls. So it is going to be simpler and safer for hashcash integration that just shell's the hashcash executable if it can be sure there should be no shell special characters. (So it can simply remove them). If we define that people doing this should put '' around the args to avoid shell interpretation, that leaves the shell unsafe char of ' (single quote). And these would be disallowed for regexp parsability: :;,= and the non-printables > ascii(127) and whitespace would be banned for 7-bit cleanness and mail-transport survivability. Apart from that we could leave encoding choice up to the extension. URL encoding might be appropriate for some extension involving web related stuff; some other encoding might be appropriate in some other scenario. As SpamAssassin 2.7 (which I think follows the linx kernel convention that the odd number releases are beta / dev releases) is using the existing version 0 format, I think it may be nicer to rev the version number. This brings us to current format: version:date:resource:random where version=0, for simplicity as no-one is using it retro-active definition change that resource can not contain a : New format: version:date:resource:[extension]:random:counter where extension is optional, version=1. no fields are allowed to contain : or ' or whitespace or non-printable. The extension format is something like: name1=val1,val2;name2=val3 etc name, value pairs with values being , (comma) separated list ; (semi-colon) name-value pairs separated by ; (semi-colons). we could put some time limit on acceptance of the version 0 format so it doesn't live for ever. Adam