"Blake Ramsdell" <blake(_at_)brutesquadlabs(_dot_)com> writes:
I agree, and that's why they send all the certificates along with messages to
this date. By "they", I mean S/MIME-enabled versions of Netscape, Outlook
Express, Outlook, and the S/MIME plugin for Eudora that I wrote.
Just as another data point, a small portion of my certificate zoo consists of
cert chains from S/MIME sigs, and every one of them is a full chain (or at
least some sort of chain), rather than a single cert. I don't track where
they originally came from, but they cover (at least) Outlook (many versions),
Netscape, and a few S/MIME gateways that auto-sign everything passing through
them (most of the stuff I've seen in general mail in fact would be auto-
signed, either by a gateway or because the sender turned it on and forgot
about it). I do have some single-cert chains, but they're from oddball
applications like EDI messaging (the certs have EDI altnames and whatnot)
which aren't representative of general usage.
Peter.