There are already systems deployed and in wide use on the Internet which
provide for "secure" electronic mail (i.e. PGP and RIPEM). In my opinion,
what differentiates PEM from these efforts is the certification hierarchy.
If all you want is "secure" e-mail without the certification hierarchy and the
benefits that go with that (like non-repudiation) then, in the grand Internet
tradition, use what has been widely deployed (PGP and RIPEM). That is not
PEM's goal (in my interpretation of the RFCs). If there needs to be a
"standard", then document PGP or RIPEM's function in an RFC.

There is a great need for the certification hierarchy described in the PEM
standards. I don't understand why anyone would want to remove that feature
just so PEM can provide functionality that is already provided for by deployed
applications.
-William