Re: Basic question about RSA
- From: "William L. Bahn" <william@xxxxxxxxxxxxxxx>
- Date: Sun, 4 Jun 2006 04:19:08 -0600
"David Wagner" <daw@xxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
William L. Bahn wrote:the
There is a natural tendency among people that are intimately
familiar with a topic (and I'm certainly as guilty of it as
benext person) to assume that people that are new to that topic
should learn everything all at once. It seems like it should
mucheasy to teach them everything because it all just makes so
beliefsense. More specifically, there is a tendency to adopt the
morethat it is not appropriate to teach them things based on a
simplified model that will have to be modified later when a
actuallyrealistic model is used.
Perhaps. But when giving an oversimplified model that isn't
accurate, I think at a minimum one should disclose to thestudent that
what they've been told isn't actually accurate. Otherwise,people may
rely upon that inaccurate model and make bad decisions.misconceptions.
In this case, the oversimplified model leads to many
I've taught the material in the classroom, and I've seen themisconceptions.
Personally, I think that describing signatures by saying that
just a case of "encrypting with the private key" is the wrongway to teach
this stuff. I think it's better to treat signatures as atotally different
topic from encryption; to start by discussing the propertiesthat signatures
have; and then give some example signature schemes. If youstart by saying
that a signature scheme is where you encrypt with the privatekey, then
you end up confusing the security goals with a specificalgorithm that
meets those goals; you confuse the specification with theimplementation;
you confuse the end with the means. It leads to amisconception that all
signature algorithms work by "encrypting with the private key";and that
misconception leads to many fundamental confusions.
I really haven't seen anything in this discussion that implies
that anyone has been under the impression that "encrypting with
the private key" and "digital signatures" are one and the same.
Perhaps it is just the perception that I interpret things from,
but everything seems to have been consistent with a discussion of
one particular means of authenticating messages. While the
discussion has been focused on that one method, there hasn't been
anything that I can recall that claimed it is the only method or
that all other methods are somehow derived from it.
- Prev by Date: Re: Basic question about RSA
- Next by Date: Re: Basic question about RSA
- Previous by thread: Re: Basic question about RSA
- Next by thread: Re: Basic question about RSA