Teaching crypto to newbies (was: incompat.)
reynt0 at cs.albany.edu
Tue Dec 2 00:20:44 CET 2008
[quoted from the "incompat..." thread, but replying
under RJH's new Subject]
On Mon, 1 Dec 2008, Robert J. Hansen wrote:
. . .
> misinformed." Unfortunately, in my experience the overwhelming majority
> of users don't understand trust, don't want to understand trust, and run
> away screaming when asked to think about trust in a logical manner. You
> have to bring them to rationality slowly and in infinitesimally small doses.
My own belief is that an aversion to thinking in terms of
"trust" may have some basis in common sense, given the wide
meanings and usual grammar of (the English language word)
[self advertisement] To quote a book [which I wrote FWIW;
complaints, comments, criticisms welcome :) ], because it's
not too wordy and says just what I want to say here:
Risk is objective; security is subjective.
Looking for risk is being awake; feeling secure is being
. . .
Trust is psychology. "Stop Thinking, Be Happy, Trust Us" is
a sales slogan. Risk is the objective reality of a situation.
The only connection between risk and trust is hope, or maybe
confidence one can evaluate and judge always correctly.
A newbie who is aware they don't know much, may well *feel*
the reason they need crypto is because not much is trustable,
and they *feel* a healthy anxiety. And though it may well
happen to be that what is called "Web of Trust" is among
useful tools for dealing with the problems, one is not
teaching newbies psychological skills of telling how they
can trust or not, one is (should be) teaching how to *think*
weighing "risks" and showing how crypto is a tool to reduce risk.
So newbies may be due some slack when they don't do well with
learning "trust" as logic, because it isn't logic.
More information about the Gnupg-users