From John Pawling's S/MIME WG minutes:
In a later discussion, this issue was raised again and Russ explained
the
issue. Russ asked who believed that the signing-certificate attribute
should be added to the S/MIME specs. The vote was 6 to 7 in a room
filled
with several hundred people. It was apparent from this vote and from
the
discussion of the WG members that there was not a consensus regarding
the
purpose and syntax of the signing-certificate attribute, so the result
of
the earlier straw poll was overturned. This issue will be further
discussed
on the S/MIME mail list.
I know we've all heard this before, but for the record:
1. A user generates a signing keypair
2. The user submits the public part to CA #1, who issues a certificate
covered by a particular CPS
3. The user submits the public part to CA #2, who issues a certificate
covered by a different CPS
4. The user signs an S/MIME message using the private part of the
keypair, and uses the IssuerAndSerialNumber for the certificate issued
by CA #1 in the SignerInfo to identify his certificate
5. At any point someone can replace the IssuerAndSerialNumber (since it
is not cryptographically protected) with another certificate containing
the same public key, and the signature will still be valid.
This may be a bug, or it may be a feature. I think it's a bug, and
should be fixed with the addition of SigningCertificate as an
authenticated attribute containing the IssuerAndSerialNumber of the
signing certificate. Comments?
Blake
--
Blake C. Ramsdell
Worldtalk Corporation
For current info, check http://www.deming.com/users/blaker
Voice +1 425 882 8861 x103 Fax +1 425 882 8060