Rare condition incompatibility of public key

David Shaw dshaw at jabberwocky.com
Mon Dec 1 07:23:11 CET 2008

On Dec 1, 2008, at 1:00 AM, Robert J. Hansen wrote:

> David Shaw wrote:
>> I think that last question is irrelevant, as it follows from the
>> "doesn't trust versions that Phil hasn't worked on", which makes it
>> derived from a false premise.  It does not matter whether Phil has
>> worked on 7.0 and later, or indeed any version of PGP, because Phil
>> being involved does not ipso facto cause PGP to be good (for whatever
>> value of "good" you like).
> Warning to all: I am going to be even more blunt and direct than usual.
> If my usual level bothers you, as I know it does for some people, you
> may wish to just hit 'delete' and move on.
>
> It does if your definition of "good" is "Phil Z. worked on it."
>
> I agree that the axiom is crazy, but it doesn't do much good to tell
> someone "your axiom is crazy, change it" if they're not capable of
> either (a) understanding why their axiom is crazy or (b) how to apply
> their new axioms in a consistent way.
>
> In my experience it works better to say "well, assuming /arguendo/ that
> you're right and nothing non-PRZ related should be trusted, why aren't
> you trusting these things PRZ is involved in?".  That gets people
> thinking logically and critically about how their policy decisions
> evolve from their axioms.  Once they have some experience at critical
> thinking with respect to trust, then it's time to say "so, if we were
> going to draft new axioms from scratch, what should they be and why?"
>
> I fully agree that the axiom is somewhere between "crazy" and "grossly
> misinformed."  Unfortunately, in my experience the overwhelming majority
> of users don't understand trust, don't want to understand trust, and run
> away screaming when asked to think about trust in a logical manner.  You
> have to bring them to rationality slowly and in infinitesimally small
> doses.

I strongly disagree.  Explaining to them that PRZ was present for
other versions of PGP feeds their "grossly misinformed" world view.
It's not a "small dose" of reality: it's an irrelevant (despite being
factual) statement that just corroborates their misunderstanding.
This leaves them with the belief that their understanding was correct
all along, and thus makes the situation worse.  How much harder is it
to bring reality to a situation once someone has "fed" the

I've had my share of conversations with the PGP True Believers over
the past 10 years.  After much painful experience, the method that has
always worked best for me is to state:

1) This is reality.  Full stop.
2) I will help you understand why this is true if you want me to (but
if you aren't interested, that's fine too).
3) If you keep doing what you're doing, you're going to break
something.  Usually this only hurts you, but sometimes you can hurt
people other than yourself.
4) Keep this up long enough, and you will isolate yourself.  Nobody
will be able to communicate with you reliably.  That tends to resolve
statement #3.

