The current definition of the SMIMECapabilities Attribute allows the user
to state their preference for key management algorithm. I think that it
would be very useful for the user to OPTINALLY include their key management
certificate with this preference.
Today, there is not a ubiquitous Directory available, so people need to
distribute their certificates by other means. By including the key
management certificate in the SMIMECapabilities Attribute, sending a signed
message allows the recipient to respond with a signed and encrypted
message. This is a nice bootstrap mechanism that works will in a Directory
impaired environment.
What do ya think?
Russ