I believe that the goal for the working group in the next year
should be to find a way to make the signatures on clear-signed
messages the same no matter whether PEM or PGP is used. This
means harmonising the key formats, at least to the point where
extracting the public key component is easy for both the PEM and
PGP models, and choosing a standard MIME multipart structure for
containing the clear-signed message and its signature. Once
this has been done, the working group should move on to
harmonising the encryption schemes so both PEM and PGP support
the same encryption schemes, and then move on to scaling the
trust model up to huge proportions.

I believe you suggest 4 goals in this paragraph:
1. PEM and PGP signatures should be the same
2. PEM and PGP should be packaged in a standard MIME multipart structure
3. PEM and PGP encryption should be the same
4. The trust model should be scaled up to huge proportions

Suggestion 2 has already been completed. The "Security Multiparts for
MIME" document serves exactly this purpose. Its intent is to provide a
framework for all signature and encryption protocols to be carried in
MIME. In this way, MIME agents need only be augmented to understand
high-level processing of multipart/signed and multipart/encrypted,
similar to their understanding of the high-level processing of
multipart/alternative and multipart/parallel. Individual users would
configure their multipart/signed and multipart/encrypted aware MIME
agents to handle their particular choice of protocol.

Jim
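
The split described in the reply above, where the MIME agent handles only the multipart/signed wrapper and a user-configured handler does the protocol work, sketched as an added example (not part of the original message or of any project's code). It assumes the `protocol` and `micalg` parameters as published in RFC 1847; the sample message, its placeholder signature, and the names `dispatch_signed` and `record_handler` are constructed for illustration.

```python
import email
from email import policy

class SecurityMultipartError(ValueError): pass

def dispatch_signed(raw: bytes, handlers: dict):
    """Validate the multipart/signed wrapper, then hand off to the
    handler the user configured for the declared protocol."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    if msg.get_content_type() != "multipart/signed" or not msg.is_multipart():
        raise SecurityMultipartError("not a multipart/signed entity")
    protocol = str(msg.get_param("protocol") or "").lower()
    parts = msg.get_payload()
    if not protocol or len(parts) != 2:
        raise SecurityMultipartError("need protocol parameter and exactly two parts")
    if parts[1].get_content_type() != protocol:
        raise SecurityMultipartError("signature part type does not match protocol")
    if protocol not in handlers:
        raise SecurityMultipartError("no handler configured for " + protocol)
    # The signature covers the first part's exact bytes (headers included),
    # so slice them from the raw message instead of re-serialising the
    # parsed object. The CRLF before a boundary belongs to the boundary.
    delim = b"\r\n--" + msg.get_boundary().encode("ascii")
    signed = raw.split(delim)[1].split(b"\r\n", 1)[1]
    signature = parts[1].get_payload(decode=True)
    return handlers[protocol](signed, signature, msg.get_param("micalg"))

# Constructed sample message; the signature text is a placeholder.
SAMPLE = (
    b"MIME-Version: 1.0\r\n"
    b'Content-Type: multipart/signed; boundary="b1"; micalg="pgp-md5";\r\n'
    b' protocol="application/pgp-signature"\r\n'
    b"\r\n"
    b"--b1\r\n"
    b"Content-Type: text/plain\r\n"
    b"\r\n"
    b"Signed text.\r\n"
    b"--b1\r\n"
    b"Content-Type: application/pgp-signature\r\n"
    b"\r\n"
    b"PLACEHOLDER-SIGNATURE\r\n"
    b"--b1--\r\n"
)

def record_handler(signed, signature, micalg):
    """Stand-in for the user's real verifier; just reports what it got."""
    return {"signed": signed, "signature": signature.strip(), "micalg": micalg}

if __name__ == "__main__":
    print(dispatch_signed(SAMPLE, {"application/pgp-signature": record_handler}))
```

A real handler would pass `signed` and `signature` to the user's PGP or PEM tool; the dispatcher itself never needs to know which one is installed.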