A reasonable response. My question is: Why do you think that the key generation algorithm used by PGP is secure? Specifically, how do we know there is no subtle back door that reduces the problem of testing the typical key space to a solvable problem in today's technology?
I never said that I thought that PGP (or anything else) is "secure." But to the extent that I do trust it for any given purpose, it is for approximately the same reasons that I trust lots of other things that I rely on. I've spot checked some of the code - far from an exhaustive analysis - and I've yet to discover anything myself that points to any specific weakness. I assume that others have done the same, and I also assume that someone like me who did discover a weakness would be likely, as I would be, to publish it and that therefore I'd hear about it. This is, for better or for worse, about as much as can be said for almost anything in the cryptographic world. Far from perfect, to be sure, but hardly unusual or unique to PGP. ...
Under what analysis do you construe "It cannot be safely assumed" as "near-defamatory"?
Because you seem to be pointing a finger at specific people. Your recent messages imply (to me, at least) that you think one or more members of the MIT PGP project may have deliberately tampered with some of the PGP code. You think the risk of this sort of thing having occurred is especially great - greater than with other products, in fact - with MIT PGP because of some (unspecified) connection you believe MIT has with NSA. (If I am mistaken here and you don't think MIT PGP is at special risk, please clarify this - I suspect others got the same impression). PGP did not come from "MIT". It came from specific individuals who work there and who are named in the code and documentation. They have professional and personal reputations and feelings just like we all do. Some of these individuals are on or close to this list. To imply, without offering evidence, that these people are somehow tainted and that their work should be especially mistrusted is harmful and hurtful to them. To use such implications as the entire basis for claims about the security of or risks associated with specific software does not move our understanding of things forward. Pointing out something specific, on the other hand, would move things forward. I think your "arguments" about this subject so far have been vague, unscholarly, unprofessional, needlessly personal, and just plain insulting. -matt