Section 6.2.2
originatorCert is a CHOICE with two alternatives specifying the
sender's certificate, and thereby the sender's public key. The
sender's certificate must contain a key agreement public key, and
the sender uses the corresponding private key and the recipient's
public key to generate a pairwise key.
Is it really necessary that the sender posesses a certificate containing
a key agreement key?
IMHO it need not be and a sender not posessing a certificate with a key
agreement key should still be able to send a message to someone who has
by generating a random key: ukm could (does?) support this. A sender
might want to do this anyway to avoid an "implied signature".
Maybe orignatorCert should be OPTIONAL to permit this: if not then isn't
the explicit tag redundant?
Steve.
--
Dr Stephen N. Henson.
UK based freelance Cryptographic Consultant. For info see homepage.
Homepage: http://www.drh-consultancy.demon.co.uk/
Email: shenson(_at_)bigfoot(_dot_)com
PGP key: via homepage.