On 10/5/2011 5:31 AM, Laurent Jumet wrote:
> In my opinion, a key-to-card key should *never* have an existent
> backup.

"Never" is one of those words that's best used sparingly.

> Purpose of cards is "one man"/"one card", as the card is
> supposed to identify the man for all purposes.

This is one particular purpose of cards. It is not the sole purpose.

In my daily work I walk from one lab to another to another. Some of these labs have trusted hardware on trusted networks. Others have untrusted hardware connected to untrusted networks. On the trusted networks I want my certificate there on disk, because it's more convenient to do that than to keep reaching for my wallet every time I need to sign something. On the untrusted network I want my certificate on a card, because I don't want the secret part of my certificate to ever touch that hardware.

There are many other use cases similar to this in which it makes good sense to have certificates on hard drives as well as certificates on cards. I'm sure that if you think about it for a while you'll come up with several other reasonable scenarios.

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users