I have a question for the group concerning attribute certificates.
Is there an accepted location to put an attribute certificate associated with
the signer in the SignedData data structure? I have a SignedData object and
I?m considering putting an attribute certificate associated with the signer in
the ?certificates? field of SignedData in addition to the PKC of the signer.
Is that a ?philosophically correct? location? I have some concern about
standard decoders being able to successfully decode the SignedData structure if
includes an attribute certificate. Other options include burying the
certificate in the encapsulated content or including it as a Signed or UnSigned
attribute.
I?d appreciate any advice and or lessons learned that you can offer. Thanks in
advance.
Chris Francis