Times 7/3/2000: "How secure is your e-mail?"

John Young jya at pipeline.com
Wed, 08 Mar 2000 07:15:12 -0500


JA wrote that she had been advised by a person with intelligence
experience to not use PGP because it had been compromised.

I wrote that she should be wary of such advice for it was oft
given by those who had not examined the source code of
PGP or did not understand the value of open source code
analysis and testing. I asked if she would obtain specific 
evidence from her source that PGP had been compromised 
for it would be sensational news in the crypto community.

I also reminded her that the compromise of PGP was spread
as a means to keep people from using it, a practice employed
by intelligence agencies worldwide. And that until evidence
of its compromise had been verified by expert non-governmental
cryptographers, and that news widely disseminated for other
verification, she should be wary of the claim.

It would be helpful if the PK listed for David Shayler is
authenticated as his and not a ploy by evil people to lure
the unwary into compromising communications.

But as we know false PKs, and authentication of the originators,
are problems of the PGP system (and others), and that may be 
what is meant by claims of its being compromised.

I hasten to add that JA had been advised that only a one
time pad is reliable, which, I believe, is considered to be sound
advice from crypto experts. Another or two unusual methods
were mentioned which need not be flaunted here plaintextually.