On Jul 27, 2009, at 11:15 AM, James P. Howard, II wrote:

> On Sun Jul 26 2009 23:09:18 GMT-0400 (EST), David Shaw
> <ds...@jabberwocky.com> wrote:
>
>> Because it is difficult (or nearly impossible) to determine the
>> difference from the perspective of GnuPG.  That is, I as a person
>> know what I'm encrypting and what I plan on doing with it, but GnuPG
>> just sees bits.  As a general-purpose OpenPGP tool, GnuPG pretty much
>> needs to treat both communications and storage as the same thing.
>> Other tools for more specific environments may "know" what their
>> usage is and can treat this differently.
>>
>> This is expected behavior - the OpenPGP standard even mentions it:
>>
>>    Note however, that it is a thorny issue to determine what is
>>    "communications" and what is "storage".  This decision is left wholly
>>    up to the implementation; the authors of this document do not claim
>>    any special wisdom on the issue and realize that accepted opinion may
>>    change.
>
> I noticed this, too.  But since I also do not claim any special wisdom
> on the issue, I was hoping someone would.  Since we all seem to agree
> that communication and storage is difficult to distinguish, can someone
> suggest why different keys may be desired in different circumstances?

As one of the authors of the document, I have already disclaimed any special wisdom ;)

A contrived example: say you are in an environment where you do both email (communications) and archiving data (storage). You make a new email (i.e. communications) subkey every year or so because you take that key with you and want to make sure any exposure is limited. You only make a new archiving (i.e. storage) subkey every 10 years because of the inconvenience. Given those two use cases, you'd want the ability to differentiate.

A better answer is that the ability is there in the standard as a tool in the toolbox. Whether the need to differentiate comes for legal reasons (long-term storage needing a particular key type or size as per regulation), or for convenience (as in my example), or for some other reason altogether doesn't matter. The ability is in the standard in case someone wants to make use of it.

David
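A worked example of the distinction discussed above, added here and not code from the thread or from GnuPG: it decodes the OpenPGP key-flags bits that separate "encrypt communications" from "encrypt storage" (RFC 4880, section 5.2.3.21) and picks a subkey for a purpose under two policies, the GnuPG-style "either encryption flag will do" and a strict per-usage one. The subkeys and dates are constructed to mirror the yearly email / ten-year archive rotation in the reply.

```python
from dataclasses import dataclass
from datetime import date
from typing import List, Optional

# Key-flags subpacket bits as defined in RFC 4880, section 5.2.3.21.
FLAG_CERTIFY = 0x01
FLAG_SIGN = 0x02
FLAG_ENCRYPT_COMMS = 0x04    # "may be used to encrypt communications"
FLAG_ENCRYPT_STORAGE = 0x08  # "may be used to encrypt storage"
FLAG_AUTH = 0x20

@dataclass(frozen=True)
class Subkey:
    keyid: str           # constructed label, not a real key ID
    flags: int
    created: date
    expires: Optional[date]  # None means the subkey never expires

def decode_flags(flags: int) -> List[str]:
    """Return the human-readable names of the set key-flag bits."""
    names = {FLAG_CERTIFY: "certify", FLAG_SIGN: "sign",
             FLAG_ENCRYPT_COMMS: "encrypt-communications",
             FLAG_ENCRYPT_STORAGE: "encrypt-storage",
             FLAG_AUTH: "authenticate"}
    return [name for bit, name in names.items() if flags & bit]

def select_encryption_subkey(subkeys, purpose, today, strict):
    """Pick the newest unexpired subkey usable for `purpose`
    ('communications' or 'storage'). strict=False accepts either
    encryption flag, the general-purpose behaviour David describes for
    GnuPG; strict=True requires the flag matching the purpose."""
    wanted = FLAG_ENCRYPT_COMMS if purpose == "communications" else FLAG_ENCRYPT_STORAGE
    mask = wanted if strict else (FLAG_ENCRYPT_COMMS | FLAG_ENCRYPT_STORAGE)
    candidates = [k for k in subkeys
                  if k.flags & mask and (k.expires is None or k.expires > today)]
    if not candidates:
        return None
    return max(candidates, key=lambda k: k.created)

# Constructed sample: email subkeys rotated yearly, one long-lived archive subkey.
SAMPLE_SUBKEYS = [
    Subkey("EMAIL2008", FLAG_ENCRYPT_COMMS, date(2008, 1, 1), date(2009, 1, 1)),
    Subkey("EMAIL2009", FLAG_ENCRYPT_COMMS, date(2009, 1, 1), date(2010, 1, 1)),
    Subkey("ARCHIVE", FLAG_ENCRYPT_STORAGE, date(2000, 6, 1), date(2010, 6, 1)),
]
TODAY = date(2009, 7, 27)  # constructed: the date of this thread

if __name__ == "__main__":
    for purpose in ("communications", "storage"):
        for strict in (True, False):
            chosen = select_encryption_subkey(SAMPLE_SUBKEYS, purpose, TODAY, strict)
            print(purpose, "strict" if strict else "gnupg-style", chosen.keyid)
```

Under the non-strict policy the storage request lands on the yearly email key simply because it is newer, which is exactly the situation the key-flags distinction lets a usage-aware tool avoid.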


_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users