pem-dev

Re: How close to X.509 is PEM?

1993-10-04 07:15:00
The changes in 1992(3) X.509 certificates are minimal and backwards
compatible with 1988.  Additional fields are introduced to hold a
'uid' for both the subject and certification authority principals.
This was added to counter a 'reuse of distinguished name' threat
which came out during development of the 1993 directory access 
controls.  Presumably PEM would have the same requirement and would
welcome this addition, considering that the text has been stable
in its current form (only editorial corrections) since 1991, and has
been made widely available to MIT, TIS, RSA, ISODE, and everyone
else actually implementing authentication using these certificates.

In the meantime, PEM itself has changed quite a bit, including the
algorithm ids and signature bits formats, and especially the CA
hierarchy and policy approach, keeping the developers busy modifying
the code, so it's hardly a burden for them to have included support
for uids.  This is noted, by the way, from the point of view of
someone who was building CAs and trying to track the changes to
PEM over two years ago, when the ISO changes were introduced.  Also,
the original submission drafts for the changes came from my laptop,
so I can date things pretty precisely if I have to.

It's not like CCITT/ISO is pulling a fast one here.

The flames on this topic in this mailing list flared two years or so 
ago, and have subsided since then.

Hope this clears things up a bit.

/Joe
