ietf-smime

key preferences, usages, and S/MIME recipients

1998-12-21 11:41:46
In reading sections 2.5.3 and 2.5.3.1 of msg-05, I'm wondering about the
possibilities where an S/MIME recipient may receive a message encrypted with
a key which doesn't match its encryption key preference, and about what that
recipient can and should do under such circumstances.  

In the last sentence of 2.5.3, I'm presuming that the statement, "... the
receiving agent may use any certificate in replying to the sender that is
valid" implies that the certificate's key usage extension (if present)
should be checked to verify that it allows key management operations.  It's
clear that a recipient must be able to accommodate suitable certificates
diverging from its intended preference. What's a conformant recipient to do,
however, if a message is generated for it using an encryption key which not
only doesn't match its encryption key preference but whose referenced
certificate doesn't permit key management usage?  I'm not sure how
comprehensively an S/MIME recipient is expected to process and validate *its
own* certificates, when encountered as references identifying the key(s)
used to encrypt messages sent to it. In a spirit of conditionally liberal
acceptance despite erroneously non-conservative generation, I'd propose that
local policy and configuration should control whether a recipient system is
allowed to decrypt such a message, and whether the associated user is to be
warned or consulted for confirmation before proceeding.  Does anyone's
interpretation disagree, and would this case be worth noting in MSG and/or
CERT?

Regards, ...

--jl
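
The local-policy handling proposed in the message above, sketched as an added example (not part of the original post and not text from the S/MIME drafts). It assumes "key management usage" means the keyEncipherment or keyAgreement bit of the keyUsage extension; the names `decide`, `Action` and `on_violation` are hypothetical, and the sample bytes are constructed.

```python
from enum import Enum

# keyUsage bit positions from X.509; bit 0 is the most significant bit
# of the first content octet of the BIT STRING.
KEY_ENCIPHERMENT, KEY_AGREEMENT = 2, 4
KEY_MANAGEMENT_BITS = {KEY_ENCIPHERMENT, KEY_AGREEMENT}  # assumed mapping

class Action(Enum):
    DECRYPT = "decrypt"
    WARN = "warn user, decrypt on confirmation"
    REFUSE = "refuse to decrypt"

def parse_key_usage(der):
    """Return the set of asserted bit positions in a DER BIT STRING."""
    if len(der) < 3 or der[0] != 0x03:
        raise ValueError("not a DER BIT STRING")
    if der[1] & 0x80 or der[1] != len(der) - 2:
        raise ValueError("malformed or long-form length")
    unused, content = der[2], der[3:]
    if unused > 7 or (not content and unused):
        raise ValueError("bad unused-bits octet")
    nbits = len(content) * 8 - unused
    return {i for i in range(nbits) if content[i // 8] & (0x80 >> (i % 8))}

def decide(key_usage_der, matches_preference, on_violation=Action.WARN):
    """Hypothetical local-policy check for the recipient's own certificate.

    key_usage_der: keyUsage BIT STRING bytes, or None if the extension is absent.
    on_violation: configured outcome (WARN or REFUSE) when the certificate
    does not permit key management.
    """
    notes = []
    if not matches_preference:
        # A valid certificate other than the preferred one must be accommodated.
        notes.append("key differs from advertised encryption key preference")
    if key_usage_der is not None:
        if not parse_key_usage(key_usage_der) & KEY_MANAGEMENT_BITS:
            notes.append("certificate keyUsage does not permit key management")
            return on_violation, notes
    return Action.DECRYPT, notes

# Constructed sample keyUsage values (not taken from any real certificate).
SIGN_ONLY = bytes.fromhex("030206c0")      # digitalSignature, nonRepudiation
ENCIPHER_ONLY = bytes.fromhex("03020520")  # keyEncipherment
```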
