Is it worth remarking that when you market *YOUR* version of PEM, you can
call it anything you want? How about Confidentiality-Enhanced Mail?
(ConfiMail? SafeMail? DigiSeal? NoTell Post[e]l? (The latter with
apologies.) Slogan: "Neither rain, nor snow, nor hackers!")
You can rename the security services, using names other than those defined
in IS 7499. "Secrecy" instead of confidentiality? "Identity check"
instead of authentication? "Unchangability" instead of integrity?
Most important, you can define *your* user interface so that the default is
to have the confidentiality option selected, so that the user must
deliberately deselect "privacy" to avoid that service.
The point is, the "users" are not going to read the RFCs (at least, not the
millions of users in the future that I envision). So the fact that your
community of "users" want confidentiality first and foremost has primary
importance for *your* product implementation, and does not necessitate
changing a spec that anticipates some other community.
Regards, -Rob-
Robert W. Shirey, The MITRE Corporation, Mail Stop Z202
7525 Colshire Dr., McLean, Virginia 22102-3481 USA
shirey(_at_)mitre(_dot_)org * tel 703-883-7210 * fax 703-883-1397