I have a question for anyone who has built or is building a PEM
implementation.

PEM very carefully puts out brackets on PEM messages and nests
MIC-CLEAR messages so that it is possible to include PEM messages
inside other PEM messages and have the whole thing parsed
unambiguously. There remains, however, a user interface challenge
in displaying such a nested PEM message in a way that visually
shows the user what signatures have been verified on what parts of
the message. Particularly challenging is doing this in a way that
prevents someone from cobbling together a message that the PEM
processor will ignore but will look to the user like it has been
PEM processed and verified.

My question is: has anyone yet taken on this problem? What do the
existing implementations out there do with nested PEM messages?

--Charlie
(kaufman(_at_)zk3(_dot_)dec(_dot_)com)
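
One way a display layer could approach the problem raised above, as an added example that is not part of the original message or of any existing PEM implementation: every output line gets a gutter written only by the processor, counting the verified signatures that cover it, so text that merely looks processed still shows a count of zero. It assumes RFC 1421 style encapsulation boundaries and "- " quoting of lines that begin with a dash; the `verify` callback, the function names and the sample message are hypothetical and constructed.

```python
BEGIN = "-----BEGIN PRIVACY-ENHANCED MESSAGE-----"
END = "-----END PRIVACY-ENHANCED MESSAGE-----"

def render(lines, verify, signed=0):
    """Return (n, text) pairs: n = verified signatures covering that line."""
    out, i = [], 0
    while i < len(lines):
        # A boundary counts only as an exact, unquoted line with a matching END.
        if lines[i] == BEGIN and END in lines[i + 1:]:
            j = lines.index(END, i + 1)   # nested ENDs are still "- "-quoted
            block = lines[i + 1:j]
            k = block.index("") if "" in block else len(block)
            header, text = block[:k], block[k + 1:]
            # Assumption: one level of "- " quoting is removed per nesting level.
            inner = [t[2:] if t.startswith("- ") else t for t in text]
            if verify(header, inner):
                out += render(inner, verify, signed + 1)
            else:  # fail closed: raw lines, no extra signature credited
                out += [(signed, t) for t in lines[i:j + 1]]
            i = j + 1
        else:  # plain text, unterminated BEGIN, or quoted look-alike
            out.append((signed, lines[i]))
            i += 1
    return out

def display(raw, verify):
    # The gutter is written only by the processor; message text never reaches it.
    return [f"sig:{n} | {t}" for n, t in render(raw.splitlines(), verify)]

# Constructed sample with abbreviated headers.
SAMPLE = "\n".join([
    "[PEM: signature verified] pay Mallory",
    BEGIN, "Proc-Type: 4,MIC-CLEAR", "",
    "Forwarding Alice's note:",
    "- " + BEGIN, "Proc-Type: 4,MIC-CLEAR", "", "pay Bob", "- " + END,
    END,
    "- " + BEGIN,
    BEGIN, "Proc-Type: 4,MIC-CLEAR", "", "never terminated",
])

def accept_all(header, text):   # constructed stand-in for real MIC verification
    return True

if __name__ == "__main__":
    print("\n".join(display(SAMPLE, accept_all)))
```

In the output only "pay Bob" carries `sig:2`; the look-alike first line, the quoted boundary at top level and the unterminated block all stay at `sig:0`.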