From: Francois Rousseau <f(_dot_)rousseau(_at_)adga(_dot_)ca>
This
implies that the signedInfo issuerAndSerialNumber field can NOT uniquely
identify both the public key certificate and the AC for each originator.
Either I am completely confused about the point you are trying to make,
or you are confused about the difference between an attribute authority
and the subject of an attribute certificate.
To clarify:
* a public key certificate is issued and signed by a CA.
* one or more attribute certificates are issued and signed by one or
more AAs, which in general are different from the CA.
* each AC refers to one or more base public key certificates
(the "subject") which, as you point out, can be referred to using
either a baseCertificateID or a subjectName.
* the CMS SignerInfo issuerAndSerialNumber field refers to one public
key certificate.
Therefore, since the issuerAndSerialNumber field refers to one public key
certificate, and all ACs have a subject (public key certificate),
then the issuerAndSerialNumber field uniquely determines both the
signer and all ACs which apply to the signer.
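
The lookup described in the message above, as an added example that is not part of the original post: issuerAndSerialNumber selects one public key certificate, and the applicable ACs are those whose subject is that certificate, by baseCertificateID or by subjectName. The class and function names, DNs and serial numbers are constructed for illustration, and certificates are modeled as plain records rather than parsed ASN.1.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

IssuerSerial = Tuple[str, int]  # (issuer DN, serial number)

@dataclass(frozen=True)
class PublicKeyCert:
    issuer: str   # the CA that signed the certificate
    serial: int
    subject: str

@dataclass(frozen=True)
class AttributeCert:
    aa: str       # the attribute authority that signed the AC
    serial: int
    # The AC's subject is given in exactly one of these two forms.
    base_certificate_id: Optional[IssuerSerial] = None
    subject_name: Optional[str] = None

def resolve_signer(issuer_and_serial: IssuerSerial,
                   pkcs: List[PublicKeyCert],
                   acs: List[AttributeCert]):
    """Return (signer PKC, ACs whose subject is that PKC)."""
    matches = [c for c in pkcs if (c.issuer, c.serial) == issuer_and_serial]
    if len(matches) != 1:
        raise LookupError("issuerAndSerialNumber must select exactly one PKC")
    signer = matches[0]
    bound = [
        ac for ac in acs
        if ac.base_certificate_id == issuer_and_serial
        or (ac.base_certificate_id is None and ac.subject_name == signer.subject)
    ]
    return signer, bound

# Constructed sample data: one CA, two AAs that are distinct from the CA.
CA = "CN=Example CA"
SAMPLE_PKCS = [
    PublicKeyCert(CA, 17, "CN=Alice"),
    PublicKeyCert(CA, 18, "CN=Bob"),
]
SAMPLE_ACS = [
    AttributeCert("CN=Clearance AA", 501, base_certificate_id=(CA, 17)),
    AttributeCert("CN=Clearance AA", 502, base_certificate_id=(CA, 18)),
    AttributeCert("CN=Roles AA", 702, subject_name="CN=Alice"),
]

if __name__ == "__main__":
    signer, bound = resolve_signer((CA, 17), SAMPLE_PKCS, SAMPLE_ACS)
    print(signer.subject, [(ac.aa, ac.serial) for ac in bound])
```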