X9.73 defines an additional CMS content type. It is:

   NamedKeyEncryptedData ::= SEQUENCE {
     version Version,
     keyName KeyName OPTIONAL,
     encryptedContentInfo EncryptedContentInfo }

Does anyone see a reason to fold the keyName into EncryptedData?

The alternative is to assign an attribute that can be used to
identify the key that is needed to decrypt the content. That
alternative would look like this:

   id-aa-contentDecryptKeyID OBJECT IDENTIFIER ::= { <TBD> }

   ContentDecryptKeyID ::= OCTET STRING

I anticipate an update to RFC 3852 to address the ambiguity in
handling of multiple SignerInfo, so it would not be difficult to add
either the keyName to EncryptedData (with the appropriate version
updates) or the ContentDecryptKeyID attribute.

Russ
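
Added example, not part of the original message: a minimal DER encoder and strict decoder for the attribute alternative described above, wrapped in the CMS Attribute structure. The OID 2.999.1 is a placeholder from the example arc because the message leaves id-aa-contentDecryptKeyID unassigned, and all function names are hypothetical.

```python
# Placeholder for the unassigned id-aa-contentDecryptKeyID ({ <TBD> } above).
PLACEHOLDER_OID = (2, 999, 1)  # 2.999 is the OID arc reserved for examples

def tlv(tag, value):
    n = len(value)
    if n < 0x80:
        return bytes([tag, n]) + value
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(body)]) + body + value

def base128(n):
    out = [n & 0x7F]
    while (n := n >> 7):
        out.append(0x80 | (n & 0x7F))
    return bytes(reversed(out))

def encode_oid(arcs):
    subids = (arcs[0] * 40 + arcs[1],) + tuple(arcs[2:])
    return tlv(0x06, b"".join(base128(s) for s in subids))

def encode_key_id_attribute(key_id, oid=PLACEHOLDER_OID):
    # Attribute ::= SEQUENCE { attrType OID, attrValues SET OF AttributeValue }
    return tlv(0x30, encode_oid(oid) + tlv(0x31, tlv(0x04, key_id)))

def read_tlv(buf, pos, tag):
    """Return (value, end) for one DER TLV; reject truncated or non-minimal lengths."""
    if pos + 2 > len(buf) or buf[pos] != tag:
        raise ValueError("unexpected tag or truncated input")
    length, pos = buf[pos + 1], pos + 2
    if length >= 0x80:
        n = length & 0x7F
        if n == 0 or pos + n > len(buf) or buf[pos] == 0:
            raise ValueError("bad length encoding")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
        if length < 0x80:
            raise ValueError("non-minimal length")
    if pos + length > len(buf):
        raise ValueError("truncated value")
    return buf[pos:pos + length], pos + length

def decode_key_id_attribute(der, oid=PLACEHOLDER_OID):
    """Return the key identifier, or None if the attribute has a different type."""
    attr, end = read_tlv(der, 0, 0x30)
    _, p = read_tlv(attr, 0, 0x06)
    if attr[:p] != encode_oid(oid):
        return None
    values, p2 = read_tlv(attr, p, 0x31)
    key_id, q = read_tlv(values, 0, 0x04)
    if end != len(der) or p2 != len(attr) or q != len(values):
        raise ValueError("trailing data or more than one value")
    return key_id
```

In RFC 3852 the only attribute field in EncryptedData is unprotectedAttrs, so a key identifier decoded this way is an unauthenticated lookup hint.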