I don't think you still understand what the conversation is about. It's not about things like AES, where there might be some hidden flaw in the crypto scheme. It's about basic, glaringly visible issues. E.g., from https://www.latacora.com/blog/2019/07/16/the-pgp-problem/
"The PGP MDC can be stripped off messages –– it was encoded in such a way that you can simply chop off the last 22 bytes of the ciphertext to do that. To retain backwards compatibility with insecure older messages, PGP introduced a new packet type to signal that the MDC needs to be validated; if you use the wrong type, the MDC doesn’t get checked. Even if you do, the new SEIP packet format is close enough to the insecure SE format that you can potentially trick readers into downgrading; Trevor Perrin worked the SEIP out to 16 whole bits of security.
And, finally, even if everything goes right, the reference PGP implementation will (wait for it) release unauthenticated plaintext to callers, even if the MDC doesn’t match."
TL;DR, the packet format has "${DATA}${SIGNATURE}", in such a way that you can strip $SIGNATURE, do whatever you like with $DATA, and it'll go through because this is a backwards compatibility mechanism. Former versions didn't have $SIGNATURE, so any attacker can just get rid of it, and problem solved.
This is, I repeat, not a case of "maybe there's some PhD-level math we're unaware of", but absolutely glaring issues.
You don't need a genius to write a formal proof of why allowing people to strip signatures is a bad thing.
And it's a problem solvable by throwing out the compatibility scheme and adding a hard requirement.
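
The difference between an optional and a mandatory integrity check, as an added example that is not part of the original comment and is not OpenPGP code. It uses a toy `TYPE || DATA || TAG` format with HMAC-SHA256; the type bytes, function names and key are assumptions made up for the illustration.

```python
import hashlib
import hmac

TAG_LEN = 32                     # HMAC-SHA256 tag length
LEGACY, PROTECTED = 0x01, 0x02   # constructed type bytes, not OpenPGP packet tags

class IntegrityError(Exception):
    pass

def _tag(key: bytes, body: bytes) -> bytes:
    return hmac.new(key, body, hashlib.sha256).digest()

def seal(key: bytes, data: bytes) -> bytes:
    """Build TYPE || DATA || TAG; the tag covers the type byte too."""
    body = bytes([PROTECTED]) + data
    return body + _tag(key, body)

def legacy_form(data: bytes) -> bytes:
    """TYPE || DATA with no tag: what an old sender, or anyone without the key, can produce."""
    return bytes([LEGACY]) + data

def _verify(key: bytes, msg: bytes) -> bytes:
    if len(msg) < 1 + TAG_LEN:
        raise IntegrityError("truncated message")
    body, tag = msg[:-TAG_LEN], msg[-TAG_LEN:]
    if not hmac.compare_digest(tag, _tag(key, body)):
        raise IntegrityError("tag mismatch")
    return body[1:]              # data is released only after the check passes

def open_lenient(key: bytes, msg: bytes) -> bytes:
    """Backwards-compatible reader: the legacy type has no tag, so nothing is checked."""
    if msg[:1] == bytes([LEGACY]):
        return msg[1:]
    return _verify(key, msg)

def open_strict(key: bytes, msg: bytes) -> bytes:
    """Hard requirement: only the protected type is accepted, and it must verify."""
    if msg[:1] != bytes([PROTECTED]):
        raise IntegrityError("unprotected or unknown type refused")
    return _verify(key, msg)

if __name__ == "__main__":
    key = b"k" * 32                        # constructed demo key
    altered = legacy_form(b"pay 99")       # constructed input, made without the key
    print("lenient reader returns:", open_lenient(key, altered))
    try:
        open_strict(key, altered)
    except IntegrityError as exc:
        print("strict reader refuses:", exc)
```
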