Bill,
I looked more closely at your second comment and realized that
I misunderstood your point. Using a directory with descriptive naming
to fetch a certificate which contains a not very descriptive name
reuires trust in directories and (integrity-) secure communication
with directories. Given a very large directory system, this is not an
especially confidence-inspiring model. (Note that DNS spoofing is
already a source of attacks today.) Also, PEM allows message senders
to pass along full certification paths with in PEM messages, minimizing
the need for users to access directories to fetch certificates.
Steve