ietf-openpgp

Re: V5 signatures

1999-06-18 17:47:50
Jon Callas, <jon(_at_)callas(_dot_)org>, writes, regarding data in sig packets:

> The reason I want it there is so that someone, if they wanted to, could
> make a "bloated" signature. An example of why you might want to do this is
> PGPticket. These are very lightweight authorization certificates. Vinnie
> has a great example of using this. He has a file-server extension that
> accepts tickets and can allow you access to the server simply by writing
> you an appropriate ticket. It's very cool, and works really nicely.

Couldn't this be done though by simply defining a data packet format
as for any other protocol, then signing the data packet?  I don't see
any inherent reason why all authenticated data must go in sig packets.
Sigs authenticate the data packets they sign, so anything in those data
packets is as strongly authenticated as the contents of the sig packets.

Hal
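
Added example, not part of the original message or of any PGP implementation: it computes the digest that a v4 binary-document signature covers (as later specified in RFC 4880) with the ticket carried either as a hashed notation subpacket or as the signed data, and shows that tampering with the ticket changes the digest in both placements. The ticket string, the notation name `ticket@example.org`, the empty document in the subpacket case and the choice of SHA-256 are assumptions made for illustration.

```python
import hashlib
import struct

def notation_subpacket(name: bytes, value: bytes) -> bytes:
    """Notation Data subpacket (type 20) with the human-readable flag set."""
    body = (b"\x80\x00\x00\x00"
            + struct.pack(">HH", len(name), len(value)) + name + value)
    length = 1 + len(body)  # subpacket length covers the type octet and body
    if length >= 192:
        raise ValueError("example only handles one-octet subpacket lengths")
    return bytes([length, 20]) + body

def v4_sig_digest(document: bytes, hashed_subpackets: bytes) -> bytes:
    """Digest that a v4 signature of type 0x00 (binary document) signs."""
    # version 4, sig type 0x00, pubkey algo 1 (RSA), hash algo 8 (SHA-256)
    header = bytes([4, 0x00, 1, 8]) + struct.pack(">H", len(hashed_subpackets))
    hashed = header + hashed_subpackets
    # six-octet trailer: 0x04, 0xFF, length of the hashed signature data
    trailer = b"\x04\xff" + struct.pack(">I", len(hashed))
    return hashlib.sha256(document + hashed + trailer).digest()

# Constructed sample ticket and hypothetical notation name.
TICKET = b"grant=read;volume=projects;expires=1999-07-01"
NOTATION = b"ticket@example.org"

def ticket_in_signature(ticket: bytes = TICKET) -> bytes:
    """'Bloated' signature: ticket in a hashed subpacket, empty document."""
    return v4_sig_digest(b"", notation_subpacket(NOTATION, ticket))

def ticket_in_data(ticket: bytes = TICKET) -> bytes:
    """Alternative: the ticket is the signed data, no extra subpackets."""
    return v4_sig_digest(ticket, b"")

def tamper_changes_digest() -> tuple:
    """Alter the ticket and report whether each placement's digest changes."""
    forged = TICKET.replace(b"read", b"write")
    return (ticket_in_signature(forged) != ticket_in_signature(),
            ticket_in_data(forged) != ticket_in_data())

if __name__ == "__main__":
    print("ticket in subpacket:", ticket_in_signature().hex())
    print("ticket in data:     ", ticket_in_data().hex())
    print("tamper detected (subpacket, data):", tamper_changes_digest())
```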
