Summarising the system implementation requirements outlined by
Steve Kent:
Conformance to PEM requires, independently of PCA policy statement on
certification and naming procedures, that the PEM infrastructure and UA
implementations consider that:
1) attribute types to be used for PEM e-mail user identification are
to be listed by IANA, and counterexamples found in certificates
by PEM UAs are reason for certificate invalidity
2) collections of attributes used for naming identified parties
must conform to a naming architecture suitable for
effective organization of a Directory Information Tree, as represented
by a nominated set of competent schema specifications, enforced
by all PEM UAs
An optional requirement states that:
3) There must be an algorithmic relation between the issuer and
subject names represented in user certificates and the Distinguished
Name of the X.500 Directory entry in which it may be stored. A
simple relation is equivalence.
If valid, these propositions might be added to RFC 1422 to
make their role in enforcing PEM certification semantics
crystal clear.
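
The name checks in requirements 1 and 3 above, sketched as an added example that is not part of the original message or of any PEM implementation. It assumes names are available as comma-separated string DNs, uses a constructed stand-in for the IANA list, reads requirement 3 as equivalence between the subject name and the directory entry DN, and approximates equivalence by case-insensitive, whitespace-collapsed matching; all function names are hypothetical.

```python
# Constructed stand-in for the IANA-listed attribute types; the actual
# list is not given in the message above.
REGISTERED_TYPES = {"C", "O", "OU", "CN", "L", "ST"}

def _norm(value):
    # Assumed matching rule: ignore case and collapse runs of whitespace.
    return " ".join(value.split()).casefold()

def parse_dn(dn):
    """Parse 'C=US, O=Org, CN=Name' into a list of RDNs (frozensets of pairs)."""
    rdns, avas, buf, esc = [], [], [], False
    for ch in dn + ",":          # trailing comma flushes the last RDN
        if esc:
            buf.append(ch)       # escaped separator is part of the value
            esc = False
        elif ch == "\\":
            esc = True
        elif ch in ",+":         # '+' joins attributes of one multi-valued RDN
            typ, sep, val = "".join(buf).partition("=")
            if not sep or not typ.strip() or not val.strip():
                raise ValueError(f"malformed attribute in {dn!r}")
            avas.append((typ.strip().upper(), _norm(val)))
            buf = []
            if ch == ",":
                rdns.append(frozenset(avas))
                avas = []
        else:
            buf.append(ch)
    if buf:                      # only reachable when the DN ends in a backslash
        raise ValueError(f"dangling escape in {dn!r}")
    return rdns

def check_certificate_names(issuer, subject, entry_dn):
    """Return the reasons a certificate fails the name checks (empty if none)."""
    problems, names = [], {}
    for role, dn in (("issuer", issuer), ("subject", subject), ("entry", entry_dn)):
        try:
            names[role] = parse_dn(dn)
        except ValueError as exc:
            problems.append(f"{role}: {exc}")
            continue
        bad = sorted({t for rdn in names[role] for t, _ in rdn} - REGISTERED_TYPES)
        if role != "entry" and bad:   # requirement 1: unlisted type invalidates
            problems.append(f"{role}: unregistered attribute types {bad}")
    if "subject" in names and "entry" in names and names["subject"] != names["entry"]:
        problems.append("subject name is not equivalent to the directory entry DN")
    return problems
```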