Doug,
I think you are being ridiculous, or you are completely missing the point.
At the risk of insulting your intelligence, let's review the basics:
1. It is the USE of encryption for privacy that is optional, not the FEATURE.
All PEM implementations I am aware of support encryption, and the
encryption available is of excellent quality. In fact, if you want to
correspond with someone outside of United States (outside COCOM,
in fact), they'll have to write their own, because PEM isn't
exportable without a license from the Dept. of State.
2. In order to use the encryption feature, you have to know the user's
public key (assuming the public-key version of PEM). If you wanted to
make the use of encryption mandatory, you would have to know
the public keys of everyone whom you would ever want to read
your messages, such as the entire pem-dev list (which is probably
10 times larger that it appears, becasue of all the exploders in use.)
3. The user's public key is bound to his Distinguished Name in his Certificate.
This facilitiates the use of X.400-like systems where the DN is used
as part of the addressing schema. More importantly, it helps assure you
that you are sending your encrypted message to the right person.
4. The use of the PCA and CA hierarchy is explicitly intended to provide
you some assistance in knowing that the person you are sending the
message to (or receiving the message from) is in fact the person
you think it is. It isn't perfect, but it is workable. From your point of
view it may require you to establish your identity and right to use
that name with a little greater certainty than you would prefer,
but that protects me from being impersonated by you, and you
from being impersonated by me. From my point of view most
of the PCAs require too little assurance, rather than too much.
5. Your argument, therefore, should not be with PEM, but rather with
the choice of PCAs and the policies they choose to establish. This
has also been my point, although I'm coming at it from a ifferent point of
view.
6. The use of the Persona PCA is no different from any other PCA,
except that individuals who use that PCA are not required to
establish their identity. In fact, any binding between the DN
and any particular person is disavowed. All that is guaranteed
is that once you register your DN, no one else will be able to use
it, at least for the duration of your certificate. (Once your certificate
expires, you may or may not be able to use the same DN as you
used before. But since you have disavowed any correspondence
between that DN and your identity, that shouldn't matter, should it?)
7. You aren't forbidden to use DN=Doug Porter on the Persona PCA,
assuming that someone hasn't already used it. And you can then
send whatever other bona fides to anyone you choose, in
encrypted form if you desire. Of course you may not know who
who are sending them to, so you had better engage in a
reasonably extensive dialog to be sure that you can trust that
person (virtual honesty?) before you reveal anything very sensitive.
8. You might like to check out the COST PCA's policy. They plan to
use the user's Internet address as the DN, although they also
talk about it being a high assurance PCA, which makes it seem like an
oxymoron. Anyway, if you take out a numbered mailbox on Compuserve,
you could have a reasonably high degree of anonymity.
In short, you have plenty of options. What, precisely, is it that you are
complaining about?