From: Andrew S Hall <ashall@magnus.acs.ohio-state.edu>
Date: Thu, 15 Jul 93 14:51:04 PDT
To: cypherpunks@toad.com
Subject: Crypto Credentials
Message-ID: <9307152150.AA24691@photon.magnus.acs.ohio-state.edu>
MIME-Version: 1.0
Content-Type: text/plain



A query was made:

> >    I'm trying to learn more about practical cryptography in general
> >    and PGP and similar programs in particular.  Any advice?
A response:

> @article{Nathan92,
>    author = {Paco Xander Nathan},
>    journal = {Fringeware Review},
>    month = {July},

To which Perry Metzger wrote:

>Rather than pointing people to strange publications we've never heard
>of written by authors without credentials, might I suggest...
>
>1) The PGP docs themselves are very good and far better as a tutorial
>   on cryptography than any of the "PGP tutorials" that have appeared
>   in the fringe literature. They are also free.
>
>2) Read a real text on cryptography. It isn't a childrens game. Its a
>   real branch of math and computer science, and really bright people
>   devote their lives to it. If you wanted to learn about medicine,
>   would you pick up a professional medical text, or something written
>   in a 'zine by people you hadn't heard of?

And then Peter Davidson responded:

: 1,2 deleted
:  3.  If you've never seen the article mentioned, and know nothing of
:  the author, on what basis do you claim that the author is without
:  credentials?  Because he publishes in a magazine with "Fringe" in
:  the title?  You're obviously prejudiced, Perry.

:  4.  Does it require an advanced degree in mathematics to write a clear
:  and lucid tutorial for those interested in using PGP?

:  5.  Is reading "a real text on cryptography" necessary in order to
:  learn to use PGP?  Your remark suggests it is, which is likely to
:  discourage people from using PGP rather than encourage them.


I agree with Perry. The original query was not 'how can I be cool and
use PGP to write secret notes?' It was a serious enquiry about PGP and
*other* similar systems. Reading a fringe popularization about PGP
will not do much. (And I consider Paco to be a competent general writer.)

Using PGP is about as easy as using DOS. Understanding PGP, its capablities,
its strengths, how it relates to other crypto systems, and evaluating it
and other systems is not so easy. It doesn't require 'an advanced degree
in mathmetics,' but just high school algebra won't do it either. I have
seen FringeWare and, while the treatment is PGP is fine as a tutorial, it
is not an introduction to public key cryptography. It wasn't meant to be.

There is a big difference between having people just use PGP and having
them understand it. I know since I have worked several pieces to explain
public key crypto for a general audience. If someone really wants to
learn about the subject, the PGP docs are the best place to begin. From
there, the sci.crypt FAQ, and then, if you are serious, Denning's
_Cryptography and Data Security_. A deep and complex topic like cryptography
requires as deep and complex study as the scholar wish to apply. That can
mean a lifetime. A fluff, yet hip, article in a cool, yet sophisticated
fringe journal is *not* the place to begin.

Perry doesn't need my defense, but I will add that this mostly-lurking
cypherpunk doesn't think he is an asshole. He is brutally honest and
declares his opinion. I respect that. While he is often a bit wired,
I have yet to see any hostility to those who didn't deserve it. (
cf recent extropians/pagans love-in or alt.binaries.pictures.erotica.children)

I apologize for excessive re-quoting, and hope someone will forward a good
crypto reference list to the original inquirer. I would, but I can't find
it.

A.

Techno-Anarchy.Neophilia.Economic Freedom.Cryptography.Anti-Statism.Personal
Liberty.Laissez-Faire.Privacy Protection.Libertarianism.No Taxes.No Bullshit.
**********            Liberty BBS 1-614-798-9537                  **********
**********           Dedicated to Freedom. Yours.                 **********