Most of the points of your message have been addressed by Steve
Crocker. Your final point, about X.400/X.500 interoperability, was
not addressed, so I'll take a stab at it. PEM makes use of X.509
certificates and thus is related to X.500 in that regard. It uses a
variant of the X.509 certificate revocation list, and this diverges in
that respect, although one could maintain both types of CRLs and be
compatible. However, PEM is not dependent on widespread avfailability
of X.500 directory servers, although their availability will make PEM
use easier over time. The 1988 X.400 (specifically X.411) security
extensions are NOT compatibel with PEM, so there cannot be a gateway
which takes a PEM-protected message and transforms it into a secure
X.400 message, without decrypting/unsigning/resigning/encrypting the
message. Thus no end-to-end secure messaging can be provided across a
PEM/secure X.400 gateway. As Eva pointed out, one can take a PEM
message and encapsulate it as an X.400 body part, so that a user who's
X.400 UA also incorporates PEM could process the message when it
arrived.
Steve