An oracle attack is a powerful technique used to discover information about the internal state of some system. The system is tested in some way, usually repetitively, and the response is analyzed.

My single point here is that when PGP is used in a unidirectional application like email, oracle attacks are impossible simply because there is no response available. I suppose in theory the attacker could try to get the recipient to manually send back the error messages, but that is quite unlikely to have a good outcome.

This immunity to oracle attacks comes from the simplicity of PGP. There are no low level automated subsystems to interact with. You are always interacting with a person.

This might seem to be a trivial observation and that I am giving PGP credit for something intrinsic to the application. Sometimes the name of a particular attack is matched to the name of a particular encryption method without checking for the prerequisites that could make that attack possible. This is common for the case of oracle attacks.

PGP FAN index