Dave: >> is pgp compromised? > > PGP is a packaging method. Absent grossly incompetent packaging -- and I've never heard claims that PGP or S/MIME were guilty of that -- my sense is that the interesting security mechanisms are the underlying algorithms. > > Is there something about PGP that creates different exposures than S/MIME, in terms of those algorithms? (Key management has obvious differences, of course.) The biggest difference is PKI vs. web of trust. You do not need a key signing event for a PKI -- you have already decided (or a vendor decided for you) to trust the Certificate Authority. Russ