Peter,
As Steve Crocker eloquently pointed out, getting a PEM UA to
you from the U.S. is not a simple matter. But check with Peter
Kirstein about possible availability in the EC.
Also, I forgot in my last message to respond to one aspect of
the comments on PGP. Perhaps the best way to contrast the PGP
approach to key managment and the PEM approach is to note carefully
the examples given in the message from John Gilmore. It suggest key
exchanges taking place via informal, small scale, inter-personal
interaction. Maybe in that environment the scheme he cites will prove
suitable. The goal of PEM is a much larger user environment,
including corporate users, where the greater rigor imposed by the
naming and certification scheme is believed to be necessary and
appropriate. As for the rhetoric about the primary motivation for the
certification structure being the enrichment of RSA, we have learned
to expect this sort of comment from the author, and have learned
largely to ignore it.
Steve