I agree with the comments that the current MIME-PEM draft may set back the
deployment of PEM.
A number of the more significant issues that have been holding back the
wide-scale deployment of PEM are still not resolved, the support infrastructure
is still lacking and perhaps not even understood, and we seem to be
retrogressing. Two years ago, I thought we were about one year away from
effective, commercial grade implementations of encryption and digital
signatures. Now I think that we are two or more years away from our goal, and
things are getting worse, not better.
Many of the technical changes in MIME-PEM (versus RFC 1421) are useful
improvements, but "opening the door to new trust models" complicates the
industry's work to field workable certificate management systems. The numerous
options within MIME-PEM will also delay the fielding of interoperable systems.
Suggestions:
- Reduce the number of MIME-PEM options (remove most of the identifier forms)
- Document a suggested trust model (maybe several if necessary).
Paul