I just realized that I took the wrong file so half of my comments
are inappropriate.
The minutes are not correct, but the new CMS 12 document does
incorporate some changes.
So, please, Russ accept my apologies.
Here is the text.
5.6 Message Signature Verification Process
The input to the signature verification process includes the
result
of the message digest calculation process and the signer's
public
key. The recipient may obtain the correct public key for the
signer
by any means, but the preferred method is from a certificate
obtained
from the SignedData certificates field. The selection and
validation
of the signer's public key may be based on certification path
validation (see [PROFILE]) as well as other external context,
but is
beyond the scope of this document. The details of the
signature
verification depend on the signature algorithm employed.
Regards,
Denis