From: Dr Stephen Henson <shenson(_at_)bigfoot(_dot_)com>
In the minimal case the user's certificate will not be provided. Also
since some of the CA's include the large disclaimers in the user
certificate this wont always help.
I agree with Steve. The issuer name and serial number contained in
SignerInfo is sufficient to retrieve the user's certificate from
a repository. If there were a global repository nothing more would
be needed. However, there isn't.
It would be useful to define an S/MIME "subjectCertRepository"
attribute: a URI with syntax IA5String (as used in GeneralName).
This attribute, along with issuer/serial and a suitable amount of
handwaving would allow the user's cert to be retrieved using
LDAP, ftp, http, etc.