I've just returned from a week away to discover this latest discussion,
and I'm disappointed that folks haven't pointed out the important
facts.
RFC 1115, which was mentioned in an earlier message, is now historic.
So, whatever it says is irrelevant.
The initial son-of-RFC1115 Internet Draft (pem-algorithms-00.txt),
several more recent drafts posted to PEM-DEV, and the final
son-of-RFC1115 Internet Draft (to be released later this week), all
specify a technique for padding the DEK with pseudorandomly generated,
nonzero octets. The technique is the "block type 02" padding technique
specified in PKCS #1. This technique was specifically adopted for use
by PEM to handle the multiple recipients issue. It is precisely
because this technique has been part of the new PEM specifications that
it is in the implementation that Jeff Schiller says has been working with,
not to mention others ...
-DB