[PATCH] avoid publishing the GnuPG version by default
ilf at zeromail.org
Fri Aug 5 10:53:57 CEST 2016
Daniel Kahn Gillmor:
> The version of GnuPG in use is not particularly helpful.
> It's probably better to take the more parsimonious approach to
> metadata production by default.
Werner, Daniel and I talked about this at the OpenPGP-session during
IETF 96.  Thanks Daniel, for following up on this!
I fully support this proposal.
Since "Pervasive Monitoring Is an Attack" , let's minimize metadata
as much as possible, especially if it's unencrypted *and* not
The riseup.net "OpenPGP Best Practices"  refer to a gpg.conf 
which already implements "no-emit-version". I and many other people have
been using this with many implementations on many plattforms for a long
time, without any problems. So I see no technical reason against the
Even RFC 4880 lists no pressing reason for including this by default:
> The Armor Headers are pairs of strings that can give the user or the
> receiving OpenPGP implementation some information about how to decode
> or use the message. 
I can't see how "Version: GnuPG v2" tells me or an OpenPGP
implementation "how to decode or use the message".
Let's just drop it.
Über 80 Millionen Deutsche benutzen keine Konsole. Klick dich nicht weg!
-- Eine Initiative des Bundesamtes für Tastaturbenutzung
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 801 bytes
Desc: not available
More information about the Gnupg-devel