Someone for whom the attribution line was deleted wrote:
Other than that, my one remaining question is whether or not RIPEM is really
an
alternative to PEM that's always going to be a distinct entity in its own
right. If so, specification of what this alternative looks like (either in
another RFC or in some document an RFC can reference) is an essential part of
defining application/ripem adequately. If not, then why not just use
multipart/pem and application/pem?
Mark can answer more authoritatively than I can, but my understanding
is that RIPEM is intended to eventually be compliant with the PEM
standard. Addition of certificates is planned, and I think/hope that
the software will be upgraded to handle some PEM headers it currently
does not handle, like Originator-ID-(a)symmetric.
The Content-Type application/ripem (which, IMHO, should be
application/x-ripem) merely specifies the existing standard, including
PEM boundaries. It's just a stopgap, and has little if anything to do
with the draft standard for multipart/pem and application/pem.
- Marc