On 4/18/2002 9:44 AM, "David Shaw" <dshaw(_at_)jabberwocky(_dot_)com> wrote:
I understand that at some point in the past one of the OpenPGP drafts
had a "comment packet" defined. It seems to have been dropped
somewhere along the way, and I was wondering if anyone recalled why?
Yes, it was seen to be a security problem. An evil implementation could leak
things (like your keys) there, or use it as a way to do key-size reduction.
The area directors were forceful and persuasive in their arguments.