PGPI COMPARISON
===============

1)  Not vulnerable to the chosen-ciphertext attack posted on
    The Register (http://www.theregister.co.uk/content/4/26643.html)
    on the 13th August 2002, entitled "PGP, GPG defeated".

2)  Both the deterministic RSA and Leopard schemes have been converted to
    randomized schemes. The randomized RSA scheme should be almost
    polynomially/semantically secure.

3)  A special algorithm prevents an adversary from gathering knowledge
    of the lower bound of any public-key which should guarantee indefinite
    communications security (when using secret public-keys).

4)  This software facilitates the use of encrypted secret-public-keys,
    when it is used in a secret-public-key scenario.

5)  RSA Encryption of appendix-signature. The fact that PGPI doesn't
    encrypt signatures means the plaintext message is vulnerable to
    any weaknesses in crypto-hash functions like MD5/SHA, and any
    weakness in the digital signature algorithm/implementation.

6)  Much stronger encryption of plaintext message by use of pure RSA salted
    encryption/decryption (eliminating security risks from symmetric ciphers).

7)  This software facilitates much stronger encryption of a private or public
    key, by allowing an effectively unlimited size of password, and by the use
    of a Cipher-Packet technique (which hides the size of a private/public-key
    and prevents an adversary from being able to isolate ciphertext from
    padding).

8)  PGPI compresses plaintext data prior to encryption, which should in turn,
    assert adversary-known patterns in message data. This is due to how gzip(1)
    and other compression techniques have to encode their compressed data.
    The author feels that this is a security risk rather than an advantage,
    and is therefore left optional and for the user to decide.

9)  PGPI introduces the concepts of a Digital Certificate, and "Cert Servers".
    These methods are vulnerable to Man-In-The-Middle attacks. However the
    documentation for PGPI seems to ignore this. The author feels that
    misperception of the facts is a security risk. Hence, this implementation
    does not encourage the use of Digital Certificates or "Cert Servers" at
    all since they are a waste of time and do not provide any added security.
    The problem stays the same and equates to the necessity of authentic
    transportation of all public-keys.

10) This software is smaller, simpler and better written than PGPI.
