Hi Werner,

thanks! So, for GnuPG "Version:" we are ok.

I'm going to push forward the other application authors to disable the Comment:
field, at least removing the version information.

Would it possible also to provide a switch to prevent/filter out the adding of
"Comment:" header by default?

As i did notice that all software using GnuPG add a "Comment:" version with
additional "version leak" (such as EnigMail, MacGPG, etc).

I think that would be valuable if GnuPG would, by default, filter out the
"Comment:" header unless a specific command line switch is enabled.

A Default that does not allow "Comment:" by default.

A command line switch, like --enable-comment-header, to enable it.

That way, most of the software integrating GnuPG, when upgrading will need to
manage this condition and, by default, they will not leak additional information
in the "Comment:" header.

What do you think=

Added GPGtools ticket
http://support.gpgtools.org/discussions/everything/13667-privacy-leak-in-version-and-comment-header

A discussion on this issue started on liberationtech mailing list on
https://mailman.stanford.edu/pipermail/liberationtech/2013-November/012239.html

This issue has been reported also on Enigmail
https://sourceforge.net/p/enigmail/bugs/215/