From my point of view, PEM's key certification had the disadvantage of
being tied to physical human identifies and human organizations too
tightly. So, I was a proponent of looser certification, anonymous keys,
etc.
Now I've got a use for tying keys to current identification structures:
letters to Congress.
For a while now, I've wished there were an e-mail address for Congress (if
not for each individual Congress member). However, I would expect the
average Congress person to distrust unsigned e-mail -- so I see this as a
good first use for PEM. PGP with its loose certification is probably too
loose to substitute for a legal signature.
While the subject is open, it might be worthwhile for those interested in
pushing for PEM adoption to actually buy and donate computers (and net
connections) to Congress specifically for the purpose of handling PEM mail
and verifying signatures -- even handling encrypted mail.
-- <<Disclaimer: All opinions expressed are my own, of course.>>
-- Carl Ellison
cme(_at_)sw(_dot_)stratus(_dot_)com
-- Stratus Computer Inc. M3-2-BKW TEL: (508)460-2783
-- 55 Fairbanks Boulevard ; Marlborough MA 01752-1298 FAX: (508)624-7488