Comment and Version lines leak information

Frank Tobin ftobin at uiuc.edu
Mon Aug 6 08:25:01 CEST 2001


Anonymous, at 05:18 +0200 on Mon, 6 Aug 2001, wrote:

   A security program should not, by default, leak information.

You're talking about anonymity, which is different from security.  The
type of "security" you get from the measures you describe is merely
obfuscation.

Furthermore, when developing a widely-distributed program such as GnuPG,
and trying to ensure interoperability, it is very useful to know what
versions people are using.  Just like ssh and Apache, there is no attempt
to hide what version the software is.

The choice to erase stuff from the comment string is up to the user.  But
the benefits of the default comment, I feel, heavily outweigh any
negatives.

-- 
Frank Tobin		http://www.uiuc.edu/~ftobin/





