Comment and Version lines leak information

Frank Tobin ftobin at
Mon Aug 6 08:25:01 CEST 2001

Anonymous, at 05:18 +0200 on Mon, 6 Aug 2001, wrote:

   A security program should not, by default, leak information.

You're talking about anonymity, which is different from security.  The
type of "security" you get from the measures you describe are merely

Furthermore, when developing a widely-distributed program such as GnuPG,
and trying to ensure interoperability, it is very useful to know what what
versions people are using.  Just like ssh and Apache, there is no attempt
to hide what version the software is.

The choice to erase stuff from the comment string is up to the user.  But
the benefits of the default comment, I feel, heavily outweigh any

Frank Tobin

More information about the Gnupg-devel mailing list