pem-dev

Re: Key-Info field

1993-03-03 13:28:00
Mike Roe writes:

I'm extremely puzzled by the following paragraph from RFC 1421:

  4.6.4.2  Key-Info Field

  One "Key-Info:" field is included for each of a message's named
  recipients.  In addition, it is recommended that PEM implementations
  support (as a locally-selectable option) the ability to include a
  "Key-Info:" field corresponding to a PEM message's originator,
  following an Originator-ID or "Originator-Certificate:" field and
  before any associated Recipient-ID fields, but inclusion of such a
  field is not a requirement for conformance with this RFC.

Does anyone know what the semantics of this locally-selectable option are?
That is, if you see a Key-Info field immediately following an Originator-
Certificate, what do you do with its contents and what does this tell you
about the message?

This Key-Info isn't of much interest unless you happen to be the originator
whose Originator-Certificate it follows, and the message is being returned to
you as the result of an error somewhere in the Wide Blue MTS.  The rationale
for this option is so that when Proc-Type==ENCRYPTED messages are bounced back
to their senders, said senders will be able to unwrap the messages for
themselves, in the same manner as other recipients use their Key-Infos so as
to be able to unwrap their copies.

--jl
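
The positional rule discussed in this message, as an added example that is not part of the original post or of any PEM implementation: it labels each "Key-Info:" field by the ID field it follows and reports whether a bounced ENCRYPTED message could be unwrapped by its sender. The sample header and every value in it are constructed placeholders, and the function names are hypothetical.

```python
# Constructed sample header; all base64-looking values are placeholders.
SAMPLE = """\
-----BEGIN PRIVACY-ENHANCED MESSAGE-----
Proc-Type: 4,ENCRYPTED
Content-Domain: RFC822
DEK-Info: DES-CBC,0123456789ABCDEF
Originator-Certificate:
 PLACEHOLDERoriginatorCERT
Key-Info: RSA,
 PLACEHOLDERdekUNDERoriginatorKEY
MIC-Info: RSA-MD5,RSA,
 PLACEHOLDERmic
Recipient-ID-Asymmetric:
 PLACEHOLDERissuerNAME,01
Key-Info: RSA,
 PLACEHOLDERdekUNDERrecipientKEY

"""

def header_fields(text):
    """Return (name, value) pairs, unfolding continuation lines."""
    fields = []
    for line in text.splitlines():
        if line.startswith("-----BEGIN"):
            continue
        if not line.strip():
            break                      # blank line ends the header
        if line[0] in " \t" and fields:
            fields[-1][1] += line.strip()
        else:
            name, _, value = line.partition(":")
            fields.append([name.strip(), value.strip()])
    return [tuple(f) for f in fields]

def classify_key_info(text):
    """Label each Key-Info by the ID field it follows (positional rule)."""
    owner, out = None, []
    for name, value in header_fields(text):
        if name.startswith("Recipient-ID"):
            owner = "recipient"
        elif name.startswith("Originator-ID") or name == "Originator-Certificate":
            owner = "originator"
        elif name == "Key-Info":
            out.append((owner, value))
    return out

def originator_can_unwrap(text):
    """True if a bounced ENCRYPTED message carries the sender's own Key-Info."""
    proc = dict(header_fields(text)).get("Proc-Type", "")
    return proc.endswith("ENCRYPTED") and any(
        who == "originator" for who, _ in classify_key_info(text))
```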


