Tom,
You might want to (re?)read section 3 of RFC 1421, which
decribes what services PEM offers, in what communication and
computational environments it is expected to operate, and what
security services it does not provide. This is not a complete or
perfect description (e.g., more could be said about the subtle details
of origin non-repudiation), but it goes much further than most
Internet standards documents in describing the intended scope of
the protocol.
The level of description provided in this part of 1421, or in
parts of 1422, is not so detailed as to say what commercial and/or
application contexts might benefit from PEM. Similarly, if I buy an
Intel x86 or Motorola 680x0 CPU, it does not try to tell me for what
high level commercial applictaions the CPU may be suitable. I think
that is asking too much. The PCA facility in PEM allows considerable
flexibility in establishing policies under which certification can
take place, semantics can be associated with signed messages, etc. I
think it will prove to be flexible enough to accommodate a wide range
of higher level applications.
As for your perpetually unanswered question about use of
public key technology, the real answer is known to the original PEM
designers, but we are all sworn to secrecy ...
Steve