Jim Galvin writes, excerpting:
Excuse me?! Have you forgotten about the PCAs required in RFC 1422,
which by the way is required in a compliant 1421 implementation? Every
implementation is required to track the existence of every PCA and to be
able to report to a user the implications of a public key found to be
issued under that PCA.
Wrong. 1421 does not require use of 1422, though it recommends it
in the interests of a common basis for interworking. It is wholly
possible to build a 1421-compliant implementation which has nothing
at all to do with 1422; several PEM implementations have been
constructed, e.g., based purely on symmetric-key cryptography.
--jl