Encryption keys in the OpenPGP spec
dshaw at jabberwocky.com
Mon Jul 27 17:35:38 CEST 2009
On Jul 27, 2009, at 11:15 AM, James P. Howard, II wrote:
> On Sun Jul 26 2009 23:09:18 GMT-0400 (EST) , David Shaw
> <dshaw at jabberwocky.com> wrote:
>> Because it is difficult (or nearly impossible) to determine the
>> difference from the perspective of GnuPG. That is, I as a person
>> know what I'm encrypting and what I plan on doing with it, but GnuPG
>> just sees bits. As a general-purpose OpenPGP tool, GnuPG pretty much
>> needs to treat both communications and storage as the same thing.
>> Other tools for more specific environments may "know" what their
>> usage is and can treat this differently.
>> This is expected behavior - the OpenPGP standard even mentions it:
>> Note however, that it is a thorny issue to determine what is
>> "communications" and what is "storage". This decision is left wholly
>> up to the implementation; the authors of this document do not claim
>> any special wisdom on the issue and realize that accepted opinion may
> I noticed this, too. But since I also do not claim any special wisdom
> on the issue, I was hoping someone would. Since we all seem to agree
> that communication and storage is difficult to distinguish, can
> suggest why different keys may be desired in different circumstances?
As one of the authors of the document, I have already disclaimed any
special wisdom ;)
A contrived example: say you are in an environment where you do both
email (communications) and archiving data (storage). You make a new
email (i.e. communications) subkey every year or so because you take
that key with you and want to make sure any exposure is limited. You
only make a new archiving (i.e. storage) subkey every 10 years because
of the inconvenience. Given those two use cases, you'd want the
ability to differentiate.
A better answer is that the ability is there in the standard as a tool
in the toolbox. Whether the need to differentiate comes for legal
reasons (long-term storage needing a particular key type or size as
per regulation), or for convenience (as in my example), or for some
other reason altogether doesn't matter. The ability is in the
standard in case someone wants to make use of it.
More information about the Gnupg-users