Standards and PGP wraper
John A. Martin
jam at jamux.com
Wed Nov 11 10:14:37 CET 1998
>>>>> "dp" == David Pick
>>>>> "Re: Standards and PGP wraper "
>>>>> Wed, 11 Nov 1998 11:13:53 +0000
>> >>>>> "dp1" == David Pick "Re: Standards and PGP wraper "
>> >>>>> Tue, 10 Nov 1998 18:37:41 +0000
dp1> It's just that I happen to feel that in many ways digital
dp1> signatures are more important than the basic encryption,
dp1> certainly if they become accepted (as I expect they will) as
dp1> legally equivalent to traditional hand-written signatures
dp1> sometime in the not-so-distant future.
>> Is there a problem with using a sign-only key for normal
>> signatures and using the signing key of a sign-and-encrypt pair
>> only in conjunction with encrypting?
dp> I'm not sure I understand you here. What do you mean by "using
dp> the signing key of a sign-and-encrypt pair only in conjunction
dp> with encrypting"? Surely, when encrypting you'd use the
dp> encryption key of the sign-and-encrypt pair and not touch the
dp> signing key. (If by sign-and-encrypt-pair you mean a sign-only
dp> key and an encrypt- only subkey.)
I mean to do signing alone with a sign-only key and use the sign part
of the sign+encrypt combo when doing sign and encrypt.
Isn't the motivation of signature-only keys served this way?
dp> Certainly it's possible to set up two top-level keys and use
dp> one (probably sign-only) for signing, and the other (just
dp> possibly encrypt-only) for encryption (and decryption!).
dp> But it's a lot less convenient because they look like two
dp> different keys to things like keyservers, import and export
dp> operations, and the like. And that can lead to confusions
dp> especially with less experienced users of PGP or GnuPG, they
dp> mightend up with only one of my keys on their keyring because
dp> they don't realise there's two of them.
dp> And it also probably forces me to tell my mailer that I always
dp> want to select the key to use for any operation because it
dp> won't have the ability to set *two* different keys as the
dp> defaults for the two different types of operation.
Teach your mailer new tricks. Easy for Emacs mailers. :-)
I see a number of people with sign-only keys apart from their
sign+encrypt keys on the servers.
A single one size fits all key seems to be a thing of the past.
I agree it is inconvenient.
Almost as inconvenient as having to continue with a separate pgp2
capability (in the US).
More information about the Gnupg-devel