Teaching crypto to newbies (was: incompat.)

David Shaw dshaw at jabberwocky.com
Mon Dec 1 16:25:36 CET 2008

On Dec 1, 2008, at 3:05 AM, Robert J. Hansen wrote:

> David Shaw wrote:
>> How much harder is it to bring reality to a situation once someone
>> has "fed" the misunderstanding?
> Should we forbid high schools from teaching Newtonian physics?  The
> notions of absolute space and absolute time are gross  
> misunderstandings
> of reality.  How much harder is it to bring reality to physics once a
> well-meaning teacher has fed these misunderstandings?

Did your teacher begin by saying "This is fact.  This is true."  Then  
much later, "Actually... this wasn't true.  Please un-learn things  
now."   Or did he say "This isn't actually fact, but it's a good  
enough assumption for today.  You don't yet have enough knowledge to  
really understand, but pretending this is true for now simplifies the  
learning process.  Pretty soon you'll understand more, and you'll even  
understand why the assumption we are making today is a useful one." ?

For me, it was the latter.  A teacher who lies, even with the best of  
intention, loses his students.  The poor student never knows if he is  
being told the truth or not.

> That said, reasonable people can certainly disagree on this -- we left
> objective fact behind us a long time ago, and are pretty far into the
> realm of personal opinion.  :)

Suits me.  The person who needs education regarding the (thankfully  
dying out) belief that no version of PGP past (insert version here)  
should be used isn't even on this list.

In an effort to drag this back to OpenPGP relevance, a sum-up for the  

* No, it is not true that PGP 2.6 or 6.5.8 or some other version is  
the "last good" version.

* Some variants of this belief involve Phil Zimmermann being present  
for those versions but not others.  Mr. Zimmermann is a nice guy, and  
very devoted to PGP, but his presence does not automatically mean the  
version of PGP is secure, and similarly his absence does not  
automatically mean the version of PGP is suspect.  Read his own words  
on this belief: http://www.philzimmermann.com/EN/faq/index.html

* You can, of course, keep using whatever version of PGP you like.   
Nobody can force you to do anything.  However, understand that these  
early versions predate the OpenPGP standard (first published in 1998,  
and later updated in 2007).  Because of this, they generally don't  
interoperate perfectly with true OpenPGP clients.  In other words, you  
make it difficult for people to communicate with you securely.  Since  
you're using PGP, we can assume that your intent was to communicate  
securely, so making it harder to do so is, shall we say, less than  
optimal.  This situation is getting steadily (though slowly) worse as  
crypto technology evolves.

* There are many people on this list who would be happy to help you  
understand any of these points.


More information about the Gnupg-users mailing list