pem-dev

Tunneling PGP through S/MIME (was "FYI: comments on adoption...")

1996-04-28 15:08:00
Before we get too wrapped up in the technical details about how to
tunnel PGP through S/MIME, I'd like to see this question addressed: what
would be the benefit for users in such a tunneling arrangement?
   I've only given this question a little bit of thought, but I don't
see the benefit. The way I see it, the PGP/MIME and S/MIME message
formats have nearly identical semantics, and differ only in syntax.
There are a few semantic differences, most of which are insignificant
(for example, PGP signatures include a time-date field).
   The significant differences between PGP/MIME and S/MIME lie in two
areas: key distribution and algorithm recommendations.
   I think there _is_ a hope of tying together X.509 certificates and
PGP Web-of-trust signed keys. However, it's not clear to me why there's
any need to change the message formats in order to do this. The PGP
message formats are capable of using raw RSA keys, so it seems very
plausible to me to use a VeriSign-certified RSA key in a PGP message
format. Going the other way is a bit harder, because S/MIME seems to
require an X.509 signed certificate. Even so, I see no reason why PGP
signed keys or PGP signed messages can't be used to distribute X.509
trust roots. Indeed, this seems like one of the best ways of migrating
from PGP to S/MIME -- surely something your company is interested in
;-).

   Considerable implementation work is needed in order for any of this
to become useful. It is true that I've got lots of source code on my
hard drive, but a few other things are a much higher priority for me.
Not the least of these is releasing the next version of premail. As far
as I know, none of the S/MIME developers have managed to get detached
signatures to work. Surely it is important to get that working before
spending much time on tunneling PGP through PKCS #7.

Raph
