Eric, to answer your specific bootstrap question:
You don't necessarily need to know the specific
capabilities of the receiver to sign.
A strategy could be to sign with all algorithms
(multiple signerinfos). Once you have
confirmed capabilities by receiving the
SMIMECapabilities, from then on you could avoid
having to generate the extra signerinfos.
Thus the bootstrap approach could be to start
with the "default" of "all algorithms".
Behalf Of Eric Norman
Sent: February 17, 2005 3:37 PM
Subject: Re: I-D ACTION:draft-ietf-smime-certcapa-02.txt
I'm having a problem with the notion of capabilities that relate to
signing. These would be capabilities that I have and someone else
needs to know about before they can send me a signed message,
right? How is the distribution bootstrapped? I send them to
him in a signed message? But what if he has the same problem
and needs to inform me about his capabilities before I can sign that message?
University of Wisconsin -- DoIT