Jim,
I understand that the S/MIME working group had to create the
SMimeEncryptionCerts attribute because the X.509 "supported algorithms"
attribute is not an authenticated attribute and it is not bound to a given
certificate. The SMimeEncryptionCerts attribute provides a method of
publishing certificates with secondary support information such as the
SMimeCapabilities attribute (containing bulk algorithm support) in a way
that is both authenticated and bound to a given certificate.
However, could not similar results be achieved if the SMimeCapabilities
attribute was instead stored as an attribute of an X.509 Attribute
Certificate that is bound to a user's X.509 public key certificate?
Francois Rousseau
AEPOS Technologies