pem-dev

Some very general questions

1994-01-28 19:36:00

Hi Bob,

I don't mean to start any religious wars, but we have seen some extensive
commentary regarding PEM vs. PGP. I confess to never having read the
PKCS standards in any significant detail, but I think it would be interesting
and worthwhile to point out the extensions that PKCS has made over PEM.
Could you summarize these, point by point? 

This mailing list is probably not an appropriate forum for a
discussion of the features of the PKCS standards.  This is best left
to the reader (the PKCS comes with an excellent overview which
compares and contrasts PKCS and PEM).

Does PKCS use the basic X.509 certificate, or do you use a variant of
509?  I understand that PKCS doesn't have a notion of a Policy
Certification Authority, so I am curious how a user knows how much
trust to put in the signature?  I am assuming that the CRL mechanism
is similar to PEM, but that would be worth commenting on also.

PKCS is not as complete a standard as PEM in that it does not address
policy, only mechanics. PKCS does, however, utilize the basic X.509
certificate as well as the CRL mechanism in PEM (only in binary form
rather than ASCII).  This does have an impact on PEM in that a System
7 Pro user who has been certified has already undertaken some of the
most difficult parts of PEM; the "discovery" of a DN, key gen and
certification.  All that is needed to go from the ability to sign
arbitrary things to doing PEM messaging is a small matter of
application code (SMOAC).

-steve
