From: John Pawling <jsp(_at_)jgvandyke(_dot_)com>
To: ietf-smime(_at_)imc(_dot_)org
Subject: Re: Reference to Applicable Attribute Certificate(s) within the
CMS
Date: Tuesday, May 05, 1998 7:55 AM
All,
I believe that Attribute Certificates should be stored in the signedData
certificates field. The receiving software can find the correct AC in
the
signedData certificates CertificateSet by matching the
issuerAndSerialNumber
info in the signerInfo being verified with the issuerSerial field in the
AC.
But the issuerAndSerialNumber field points to the correct public key
certificate
(needed to verify the signature). Do we need a new authenticated attribute
to convey the issuer/serial # (s) of any relevant attribute certificate(s)?
I believe that it is more efficient to store the ACs in the signedData
certificates field because the same signer's AC may be needed as part of
the
process to verify multiple signerInfos in a signedData. In that case,
the
signer's AC is only stored once in the signedData certificates field
rather
than redundantly in each signerInfo field.
================================
John Pawling, jsp(_at_)jgvandyke(_dot_)com
J.G. Van Dyke & Associates, Inc.
www.jgvandyke.com
================================
Regards,
Rich