On Thursday 02 of August 2012 07:49:22 peter.segment at wronghead.com wrote:
> On 01/08/12 23:05, Robert J. Hansen - rjh at sixdemonbag.org wrote:
> > By itself, GnuPG is useless. [...and more, much more, on steep
> > learning curves and cargo-cult security].
> You are very rigorous in your views on the subject. Consequently
> (at least as I read your text) you reject the most damaging canon
> of the contemporary "computer security industry", the one that
> demands no knowledge, no conceptual understanding and no discipline
> on the part of the end user - it all has to be solved for him by
> the software. For this I applaud you.

Is it really so hard to demand from users to
1. understand that the private key is sensitive, and so is the password protecting it
2. that you need to validate certificates/public keys from other parties
3. the only hardware that does crypto you can trust is your own hardware

You can be a secure user of GPG (or any other crypto suite) without 
understanding block chaining modes or why ECC is better than RSA.

As a hammer user you must learn not to use it to drive screws into wood,
even if it appears to work. You *need* to have a basic understanding of the
tools you use.

