I just realized that I took the wrong file so half of my comments
The minutes are not correct, but the new CMS 12 document does
incorporate some changes.
So, please, Russ accept my apologies.
Here is the text.
5.6 Message Signature Verification Process
The input to the signature verification process includes the
of the message digest calculation process and the signer's
key. The recipient may obtain the correct public key for the
by any means, but the preferred method is from a certificate
from the SignedData certificates field. The selection and
of the signer's public key may be based on certification path
validation (see [PROFILE]) as well as other external context,
beyond the scope of this document. The details of the
verification depend on the signature algorithm employed.