5) Sec 6, Intro, Step 3: Do you think that it is worthwhile to mention
in
the CMS spec that a sending agent should include a copy of the
content-encryption key that is protected using the originator's key
material
so that the originator can always decrypt the message?
Good idea. How about:
3. For the originator and each recipient, the encrypted
content-encryption key and other recipient-specific
information are collected into a RecipientInfo value, defined
in Section 6.2.
I'd prefer that this be optional.
Regards,
Rich