Hello fc@all.net (Dr. Frederick B. Cohen) and mab@crypto.com (Matt Blaze) and cypherpunks@toad.com

I'm afraid I missed the start of this thread, sorry if I'm repeating...

...
The fact is, you seem to support the idea that PGP is secure without a reasonable basis, and when pushed a bit harder, agree that it probably is not secure.
The problem is that "secure" is not really something that can be proved. (I'm not sure if that's a theoretical or a practical fact, but it remains.) For one thing, I'm not even sure the RSA algorithm itself is secure. (At least I've never heard of a proof; have you?)

As long as I'm using PGP to send letters to grandma, the cost (to me) of a successful attack is small. I therefore expend little effort to verify that it is secure. If/when I start to use it for more serious applications, I will read the source code. I might even modify it (e.g. accord less entropy per keystroke) if I'm not happy with it. If circumstances warranted, I could re-implement it from the appropriate RFC (is it out yet or still draft?). However, in such circumstances, I very much suspect a one-time-pad would be used.
This is how professionals deal with these sorts of questions:
If you do not believe it is secure, you should say why not.
I do not believe that it can be proven secure.
In my case, I question its security and have given at least one example of how it could be insecure.
If you doubt the key-gen routine:
* you are certainly free to make up your own keys any way you like,
* write your own and argue that it's better, and/or
* find a way to break the key-gen routine.
If you do believe it is secure, you should be able to support your contention with more than reference to RFCs, vague comments, and claiming that you have read the code and didn't catch anything.
Adding to the list:
* I've never heard of anyone catching anything (except the headers on clearsigned messages problem).
If you cannot specifically address my question, say so, tell us all that the security of PGP is an open question, and either leave it open or go after closing it.
The security of anything is an open question. You shouldn't spend more on proving security than a breach would cost.

Hope I'm making sense...

Jiri
--
If you want an answer, please mail to <jirib@cs.monash.edu.au>.
On sweeney, I may delete without reading!
PGP 463A14D5 (but it's at home so it'll take a day or two)