Tom,
When PEM was developed initially, the PSRG provided for
symmetric key distribution; initial implementations used manual
symmetric key distribution, and facilities for symmetric key
management are still part of the PEM message processing spec.
However, the use of symmetric key management requires trust in third
parties not only with respect to identity verification, but with
regard to message confidentiality as well. This was viewed as
unacceptable for the large community that PEM hopes to serve.
Moreover, experience with symmetric key distribution systems has shown
that they do not scale well. Thus, these concerns motivated the
adoption of asymmetric key management as the primary, recommended
approach for PEM.
I have to say that I am a bit puzzled by your apparent
surprise, especially at this point in time, with regard to the full
mechanics of what is required for message signature verification. The
surprise was expressed in terms of asymmetric cryptography in general,
not with respect to the (not-PEM-compliant) COST techniques in
particular. As a frequent contributor to this list, and a senior
representative of a company that is offering what is billed as a
product that supports PEM, I would have expected a much greater
familiarity with the process of public-key signature verification.
Steve