Steve,
A PEM message can always be translated into a valid PKCS #7 message
without any cryptographic operations. AOCE is not a good example
because that environment relies on the creation and presence of a
signed attribute (an extension only in the PKCS) for carrying the time
of signing.
So PEM can talk to PKCS, but not AOCE. And PGP and PEM can't
intercommunicate, because they use different algorithms, as does PEM
and DMS/MOSAIC/SKIPJACK/TESSURA. And God knows what the
implications would be of trying to tie the constructs of secure X.400 to
the PEM public key infrastructure, including PCA policies and the IPRA.
And tying all this to the EDI community will be even worse.
One of these days, PEM and/or the more general public key infrastructure
is going to have to address the issues and capabilities provided by
PKCS. The ANSI X9F1 folks need some of these attributes, we need the
ability to separate the message from the signature, etc.
I gather that many of these items are being addressed by GULS, but I
haven't followed them and haven't any idea what kind of a plan for
implementing and deploying these features anyone has in mind.
I am beginning to think that we need a couple of week-long Joint
Experts Meetings, perhaps three months apart, that would bring together
the experts from ALL of the various standards groups and industry
associations, and try to get our collective act together on these issues.
At present, a proposed advance in one area is often viewed as a threat
to the existing (or soon to be existing) status quo, leading to turf battles
and a general paralysis because of the difficulty of changing our direction
when we don't have an overall game plan of where we want to be heading.
Anyone want to volunteer to champion such a get together at the national
level?
Bob