While I might have overlooked an option which actually allows the
sending of a full chain, do you think it would be reasonable, and
in the scope and the spirit of the S/MIME Working Group, to mandate
that client MUST(?)/SHOULD(?) have an option that sends all information
available to validate the sender cert (cert chain + possibly crl and/or OCSP).
This behaviour came out as a Best Practice recommendation from the
analysis of the results for the recent EEMA PKI Challenge project.
Chris
Royal Mail is a trading name of Royal Mail Group plc. Registered in England and
Wales.
Registered number 4138203. Registered office at 148 Old Street, LONDON EC1V 9HQ