I trust that you will get additional, "official" answers to your question,
but as a member of the PSRG (the PEM "inventors"), I feel qualified to
answer. In particular:
I think that you must be working with the original RFC 1114, which has gone
through at least a half dozen draft revisions in the intense scrutiny of
the PEM Working Group of the IETF. Almost a year ago, it was decided that
there would be more than one assurance policy under which certificates
could be issued. It is most definitely *NOT* necessary to own a
SafeKeeper. The latest draft revisions of RFCs 1113, 1114, and 1115 can be
found in the IETFs Internet Drafts directory at your favorite NIC. These
RFCs are expected to be reissued (with new numbers, of course) later this
year when the protocols advance to Proposed Standard.
Regards,
Rob
Robert W. Shirey, The MITRE Corporation, Mail Stop Z202,
7525 Colshire Dr., McLean, VA 22102-3481
shirey(_at_)mitre(_dot_)org * tel (703) 883-7210 * fax 883-1397