ietf-openpgp

CAN'T Re: MUST versus SHOULD in application decisions

1997-10-30 05:20:45
Storage Keys vs. Communication Keys; SHOULD/SHOULD NOT/MUST/MUST NOT
CMR vs. CDR vs. GACK vs. CMRK.

I don't think we'll be able to find a satisfactory answer to this,
or at least not one that's useful for a standard like OpenPGP.
The problem is that PGP doesn't _do_ Storage or Communication;
it takes a batch of input data, does crypto, and produces output data.
Since PGP doesn't know what other programs do with its output data,
it can't implement DO/DONT/SHOULD/MUST; they're out of its scope.
PGPdisk does storage.  SMTP does communication, and could add crypto.
The old PGP2.6.2 did most of its crypto on files, but still generated
output files from input files rather than directly doing storage,
and it didn't do any communication at all.

There are some aspects of what PGP does that are relevant -
if you're encrypting a file to a public key for which you don't
hold the private key, you're probably going to use it with a
communication program.  If you're encrypting files using symmetric keys,
especially symmetric keys encrypting a random session key,
you're more likely to be using it for storage.  If a key expires,
and it's an encryption key rather than signature, it's probably not
for storage, but maybe you still want some forward secrecy built in,
and you don't really need public key.  If you're sharing your
storage with a backup-server, though, you may want to reencrypt to
their key.


                                Thanks! 
                                        Bill
Bill Stewart, stewarts(_at_)ix(_dot_)netcom(_dot_)com
Regular Key PGP Fingerprint D454 E202 CBC8 40BF  3C85 B884 0ABE 4639