All,
I vote for option 3: "Use PKIX for everything except for v1 attribute
certificates; define v1 attribute certificates in the rfc2630bis appendix."
I agree with Jim Schaad that the S/MIME specs should reference the ASN.1
modules in the PKIX documents instead of the ITU-T documents. The PKIX
documents are freely available to all, but the ITU-T documents are not.
To my knowledge, RFC 2630 is the only IETF spec that uses the v1 attribute
certificate syntax, so I agree with Russ Housley that the v1 attribute
certificate syntax should be included in a rfc2630bis appendix.
The S/MIME Freeware Library can ASN.1 encode and decode signedData and
envelopedData content types that include v1 attribute certificates. I don't
know of any operational use of v1 attribute certificates in signedData and
envelopedData content types.
===========================================
John Pawling, John(_dot_)Pawling(_at_)GetronicsGov(_dot_)com
Getronics Government Solutions, LLC
===========================================