Chen,
I don't believe that we need all of the complexity of KeyID to identify an
X.509 cert. IMHO, the IssuerAndSerialNumber syntax is sufficient (assuming
that every cert has an Issuer DN which has been proposed as a MUST
requirement for certs used for S/MIME). IssuerAndSerialNumber is used to
identify the signer's cert in SignerInfo and I believe that it is also
sufficient in the case of the "corporate key" cert.
- John Pawling
How about the PKCS#7 keyID?
KeyID ::= CHOICE {
x509IssuerAndSerialNumber
[ 0 ] EXPLICIT IssuerAndSerialNumber,
-- X.509 cert.issuer and cert.serial no.
x509KeyID [ 1 ] EXPLICIT X509KeyID,
publicKeyInfo [ 2 ] EXPLICIT SubjectPublicKeyInfo,
-- Raw public key info,
internalID [ 3 ] EXPLICIT INTEGER, -- Internal ref.used by this PDU
otherID [ 4 ] EXPLICIT OtherID,
}
To shamelessly cut and paste a message as sent by Peter Gutmann (on an
entirely different issue) ...
-- Chen Wang, NetDox