So what you're proposing is a way to "cheat" MIME.
The alternative, application/mime, also "cheats" MIME. The
application/signed proposal attempts to limit the scope of the
"cheating" to where it is absolutely needed, in opaque digital
The history of this is rather unfortunate: when MIME and PEM were
both under development, their respective WG meetings were scheduled at
the same time. Thus the MIME specification, complete with its "no
recursive encodings" rule, was designed without the input or feedback
from the security community. When it later came time to do digital
signatures in MIME, this rule seriously got in the way.
In any case, application/mime, application/signed, and
application/pkcs7-mime all have the issue that they are capable of
transporting binary MIME objects over traditional e-mail transports. If
this is desirable, it needs to be explicitly called out in all the
specs. If it is not desirable, it needs to be prohibited. We currently
have non-interoperation of application/pkcs7-mime due to this very