I'm confused, and don't know who to ask questions about the draft to, but I
had your mail address-- sorry. ;-)
No problem. The correct forum for discussion of the PEM drafts is the
PEM Developer's mailing list (pem-dev[-request](_at_)tis(_dot_)com). I'm taking
the liberty of cc'ing the list with my reply.
In the case of an encrypted message to multiple recipients using asymetric
keys (such as a mailing list), I don't understand how you determine which
Key-Info field belongs to which recipient.
Page 37:
"The 'Recipient-ID-Asymmetric:' field contains, in order, an Issuing
Authority subfield and a Version/Expiration subfield."
Wouldn't the Recipient-ID-Asymmetric field need to contain the certificate of
the recipient of the message which would have both the Issuing Authority,
version/experiation, and >>distinguished name<< of the recipient in order to
know which Key-Info field belongs to you?
Confused,
--William
The recipient's public-key certificate (ith public key, subject dname,
etc.) is needed by the originator of the message to encrypt the
message DEK. However, a recipient does not really need the public-key
certificate, per se. The recipient only needs to know which of their
possibly multiple public-key certificates was used by the originator,
and hence, which private key to use to decrypt the message DEK.
Since a subject dname may identify multiple certificates, the issuer
dname and serial number are used to uniquely identify a single
certificate.
-DB