Im concerned that relay's are unable to authenticate the originators of
messages in MIME/PEM when the messages are encrypted to protect private
data. This is a big change to PEM which I believe deserves a section
in the MIME/PEM document to justify or admit the change.
You don't have to use MIME/PEM this way -- you can encrypt and then sign. Or
sign, encrypt, and sign again. Use whatever set of operations you want.
If your requirements are that relays have to be able to verify signatures
before passing messages on, you can certainly accomodate this usage using
MIME/PEM. And since there's always the possibility that you will receive
messages that are not signed in any way, let alone signed underneath the
encryption, there really isn't any "new issue" that MIME/PEM introduces for
you to deal with.
Ned