Dave:
is pgp compromised?
PGP is a packaging method. Absent grossly incompetent packaging -- and I've
never heard claims that PGP or S/MIME were guilty of that -- my sense is that
the interesting security mechanisms are the underlying algorithms.
Is there something about PGP that creates different exposures than S/MIME, in
terms of those algorithms? (Key management has obvious differences, of
course.)
The biggest difference is PKI vs. web of trust. You do not need a key signing
event for a PKI -- you have already decided (or a vendor decided for you) to
trust the Certificate Authority.
Russ