8. Minimum Essential Requirements

This section summarizes particular capabilities which an implementation must provide for full conformance with this RFC.

RFC 1422 specifies asymmetric, certificate-based key management procedures to support the message processing procedures defined in this document; PEM implementation support for these key management procedures is strongly encouraged. Implementations supporting these procedures must also be equipped to display the names of originator and recipient PEM users in the X.500 DN form as authenticated by the procedures of RFC 1422.

The message processing procedures defined here can also be used with symmetric key management techniques, though no RFCs analogous to RFC 1422 are currently available to provide correspondingly detailed description of suitable symmetric key management procedures. A complete PEM implementation must support at least one of these asymmetric and/or symmetric key management modes.

A full implementation of PEM is expected to be able to send and receive ENCRYPTED, MIC-ONLY, and MIC-CLEAR messages, and to receive CRL messages. Some level of support for generating and processing nested and annotated PEM messages (for forwarding purposes) is to be provided, and an implementation should be able to reduce ENCRYPTED messages to MIC-ONLY or MIC-CLEAR for forwarding. Fully-conformant implementations must be able to emit Certificate and Issuer- Certificate fields, and to include a Key-Info field corresponding to the originator, but users or configurers of PEM implementations may be allowed the option of deactivating those features.