The new precept that MIME/PEM has adopted which you haven't
mentioned is:
4. Allowing public keys to remain unpublished.
Let me pointedly ask now: Are you maintaining as a design goal
of MIME/PEM the option for users to prevent their public keys
from being transmitted or widely published?
Just to make sure we're all on the same train, the question you're
asking is a PEM question directed at the revised version described in
the "PEM Security Services and MIME" document and bears no relevance to
the "Security Multiparts" document.
Based on experience and discussions with various people, we explicitly
included an option for originators to protect their public keys.
Insofar as we chose to include this option, I guess that makes it a
design goal. However, as this option was implicitly available from
1421, I do not consider this a new precept.
Let me observe that RFC 1421 allowed a user to use the
ORIGINATOR-ID-ASYMMETRIC field, thus indicating the certificate
containing the public key that was used. Also, since,
a. in general, certificates are only available via mechanisms that do
not facilitate broad distribution,
b. in TIS's experience, certificates are not part of the Internet
hierarchy,
c. in TIS's experience, PEM messages are using the ASYMMETRIC fields
instead of the CERTIFICATE fields,
reality is the default behaviour is public keys are unpublished; just
an observation....
Jim