All,
IMHO, Jim Schaad has done an excellent job of writing the 9 May 98 Signing
Certificate Attribute Specification. I agree with Jim's proposals. I
believe that the signingCertificate attribute should be supported by S/MIME
v3-compliant applications.
I have one comment to the spec. Pleas add the following text to Sec 4:
"If present, the signingCertificate attribute MUST be an authenticated
attribute; it MUST NOT be an unauthenticated attribute. CMS defines
authenticatedAttributes as a SET OF AuthAttribute. A signerInfo MUST NOT
include multiple instances of the signingCertificate attribute. CMS defines
the ASN.1 syntax for the authenticated attributes to include attrValues SET
OF AttributeValue. A signingCertificate attribute MUST only include a
single instance of AttributeValue. There MUST NOT be zero or multiple
instances of AttributeValue present in the attrValues SET OF AttributeValue."
================================
John Pawling, jsp(_at_)jgvandyke(_dot_)com
J.G. Van Dyke & Associates, Inc.
www.jgvandyke.com
================================