I don't find it makes a lot of sense either.
Key size reduction is anyway easy to do whatever the packet formats --
from the cryptography directly: generate weak key-pairs, or weak
symmetric keys, or trap-door weak keys (weak if you know some secret
strong otherwise) etc. There have been a number of papers about how
to do this and how to do it well.
Adam
On Thu, Apr 18, 2002 at 07:53:04PM +0200, Werner Koch wrote:
On Thu, 18 Apr 2002 10:12:28 -0700, Jon Callas said:
Yes, it was seen to be a security problem. An evil implementation could leak
things (like your keys) there, or use it as a way to do key-size reduction.
Not very convincing; I'd put it into the unhashed area of signature
packets ;-)
Werner