Teaching crypto to newbies (was: incompat.)
dshaw at jabberwocky.com
Mon Dec 1 16:25:36 CET 2008
On Dec 1, 2008, at 3:05 AM, Robert J. Hansen wrote:
> David Shaw wrote:
>> How much harder is it to bring reality to a situation once someone
>> has "fed" the misunderstanding?
> Should we forbid high schools from teaching Newtonian physics? The
> notions of absolute space and absolute time are gross
> of reality. How much harder is it to bring reality to physics once a
> well-meaning teacher has fed these misunderstandings?
Did your teacher begin by saying "This is fact. This is true." Then
much later, "Actually... this wasn't true. Please un-learn things
now." Or did he say "This isn't actually fact, but it's a good
enough assumption for today. You don't yet have enough knowledge to
really understand, but pretending this is true for now simplifies the
learning process. Pretty soon you'll understand more, and you'll even
understand why the assumption we are making today is a useful one." ?
For me, it was the latter. A teacher who lies, even with the best of
intention, loses his students. The poor student never knows if he is
being told the truth or not.
> That said, reasonable people can certainly disagree on this -- we left
> objective fact behind us a long time ago, and are pretty far into the
> realm of personal opinion. :)
Suits me. The person who needs education regarding the (thankfully
dying out) belief that no version of PGP past (insert version here)
should be used isn't even on this list.
In an effort to drag this back to OpenPGP relevance, a sum-up for the
* No, it is not true that PGP 2.6 or 6.5.8 or some other version is
the "last good" version.
* Some variants of this belief involve Phil Zimmermann being present
for those versions but not others. Mr. Zimmermann is a nice guy, and
very devoted to PGP, but his presence does not automatically mean the
version of PGP is secure, and similarly his absence does not
automatically mean the version of PGP is suspect. Read his own words
on this belief: http://www.philzimmermann.com/EN/faq/index.html
* You can, of course, keep using whatever version of PGP you like.
Nobody can force you to do anything. However, understand that these
early versions predate the OpenPGP standard (first published in 1998,
and later updated in 2007). Because of this, they generally don't
interoperate perfectly with true OpenPGP clients. In other words, you
make it difficult for people to communicate with you securely. Since
you're using PGP, we can assume that your intent was to communicate
securely, so making it harder to do so is, shall we say, less than
optimal. This situation is getting steadily (though slowly) worse as
crypto technology evolves.
* There are many people on this list who would be happy to help you
understand any of these points.
More information about the Gnupg-users