I agree with Jim Schaad's issuer/serialNumber authenticated attribute
1) I agree that it meets a valid requirement because it is certainly
possible to have multiple certs containing the same public key material.
2) It provides the flexibility to bind the signer's cert (via the
issuer/serialNumber) with the signed data without forcing the signer to
always include the signer's cert in the signedData object. In other words,
if the signer knows that the recipient already has the signer's cert, then
the signer should not be forced to send the signer's cert in the signedData.
3) It is backwards compatible with S/MIME v2 legacy software because the
legacy software will ignore the new attribute, but it can still verify the

J.G. Van Dyke & Associates, Inc.
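The three points above, as an added example that is not part of the original message or of any S/MIME implementation: two certificates carry the same public key, the signer's certificate is looked up from the recipient's store rather than sent, and a legacy verifier that ignores the attribute still verifies. The toy RSA key, the simplified `Cert` and SignerInfo structures, the attribute name `signingCert` and all sample values are assumptions constructed for illustration.

```python
import hashlib
from dataclasses import dataclass

# Toy RSA key built from two Mersenne primes: constructed for illustration, NOT secure.
P, Q, E = 2**127 - 1, 2**89 - 1, 65537
N, D = P * Q, pow(E, -1, (P - 1) * (Q - 1))

@dataclass(frozen=True)
class Cert:                      # simplified stand-in for an X.509 certificate
    issuer: str
    serial: int
    subject: str
    pub: tuple                   # (n, e)

def _digest(content: bytes, attrs: dict) -> int:
    # The hash covers the content and the authenticated attributes, not the sid.
    blob = content + repr(sorted(attrs.items())).encode()
    return int.from_bytes(hashlib.sha256(blob).digest(), "big") % N

def sign(content: bytes, cert: Cert) -> dict:
    # "signingCert" is a hypothetical name for the issuer/serialNumber attribute.
    attrs = {"signingCert": (cert.issuer, cert.serial)}
    return {"sid": (cert.issuer, cert.serial), "attrs": attrs,
            "sig": pow(_digest(content, attrs), D, N)}

def verify(content: bytes, si: dict, store: dict, check_binding: bool = True):
    """Return the Cert the signature is attributed to, or None on failure."""
    cert = store.get(si["sid"])  # the cert need not travel with the signedData
    if cert is None:
        return None
    n, e = cert.pub
    if pow(si["sig"], e, n) != _digest(content, si["attrs"]):
        return None
    bound = si["attrs"].get("signingCert")
    if check_binding and bound is not None and bound != si["sid"]:
        return None              # sid names a cert the signer did not sign over
    return cert

# Constructed sample data: one key pair certified twice.
PERSONAL = Cert("CN=Example CA One", 17, "alice (personal)", (N, E))
WORK = Cert("CN=Example CA Two", 402, "alice (purchasing)", (N, E))
STORE = {(c.issuer, c.serial): c for c in (PERSONAL, WORK)}
MSG = b"constructed sample message"
SI = sign(MSG, PERSONAL)
RELABELLED = dict(SI, sid=(WORK.issuer, WORK.serial))  # sid changed after signing

if __name__ == "__main__":
    print("as signed:          ", verify(MSG, SI, STORE))
    print("relabelled, legacy: ", verify(MSG, RELABELLED, STORE, check_binding=False))
    print("relabelled, checked:", verify(MSG, RELABELLED, STORE))
```

With `check_binding=False` the function behaves like software that ignores the attribute: the signature math still succeeds under either certificate, so only the attribute-aware check can tell which certificate the signer meant.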