As an undeniable certificate-carrying charter member of the
International PEM Design and Standardization Conspiracy, I'd like to
respond to some of Doug Porter's recent comments. I fail to see why
the availability of authenticated mail services, which users may
employ (with the use of persona identities if desired) or refrain from
employing at their own option, intrinsically damages freedom or chills
free speech.
I believe that authentication and integrity are central to PEM in
particular and messaging security in general. Without security
technology, E-mail is a uniquely forgeable medium; I see clear value
in assurance that messages I exchange with others (personally and
professionally) actually came from their claimed originators, allowing
me to place them into accurate context with other interactions (E-mail
and otherwise) which I may have had with those originators. (This in
no way reflects any desire or intent to convert arbitrary
interpersonal communications into contractually binding documents
against their originators' wishes.) Confidentiality is an
often-valuable added feature (though export constraints outside the
control of the architecture make confidentiality unavailable in
certain cases, one reason for placing it in an optional service tier),
but its utility depends on being able to distinguish and specify the
set of identities among which a message's content is to be held
confidential.
PEM identities may be certified residentially, organizationally, or as
personas, any of which alternatives I believe an individual should be
free to adopt at his or her discretion without stigma. Election to
adopt a persona identity for E-mail purposes should no more be
construed as a "clown suit" than as an intrinsic badge of honor; it
merely declares that no correspondence should be drawn between that
principal in E-mail space and a corresponding person reachable in
other ways.
--jl