Paul:
Paul, the current structure mandates the use of RSA key management. The
standard should not prohibit the use of other techniques such as
Diffie-Hellman. It is possible to have RSA as the "must implement" key
management algorithm, but the standardized structure should not prohibit
the use of other techniques.
And it doesn't. In fact, with the SMIMECapabilities, it makes it easy for
an agent that is using some other kind of key management to announce that
to the world on every signed and/or encrypted message it sends out. This
is described in the beginning of Section 2.5.2 of the drafts.
The PKCS#7 structure that supports S/MIME does not permit any key
management algorithm to work. For example, there is no place to carry the
originator certificate that contains a Diffie-Hellman key.
Russ