Doug,

While I won't argue that voters in real elections in this
country are self-selected, I don't believe that this is the relevant
issue. We are not holding an election. What you did was a poll or a
marketing survey. There are some well-established techniques for
conducting such surveys and I contend that your sample size and
composition are neither large enough nor broad enough to be very
representative.

However, another way of viewing this, that might be more to
your liking, is that the "voting" group for PEM has consisted of the
individuals who attend PEM WG meetings and those who actively
contribute to the development of RFCs and implementations. Those
individuals, especially the folks who participated in the meetings
over a several-year period that led to three generations of PEM RFCs,
felt that authenticity and integrity were critical services and that
confidentiality should not be offered without them. In particular, it
was felt that a (naive?) user, if he received an encrypted message,
would tend to believe the identification information contained in the
message (and rely on the integrity of the message), irrespective of
the use of technical authentication mechanisms. Thus, to protect
users from being spoofed by encrypted but unauthenticated messages,
the developers chose to make integrity and authenticity mandatory
features, with confidentiality optional.

Steve