Carl,
In general, the value used as an IV with symmetric algorithms
need not be protected against disclosure. In some instances it is
appropriate to protect the IV against undetected modification, but the
use of a one-way hash in PEM counters the vulnerability that arises
from the unprotected transmission of the IV.
The IV a per-submission value, not a per-recipient value,
hence it is placed in the DEK-Info field. To encrypt it along with
the DES key on a per-recipient basis is not cryptographically
necessary, as noted above. If one were using DES for key management,
the IV would not fit in a single block and thus would increase the
overhead for each recipeint. Admittedly, in the case of RSA, the
inclusion of the IV would not result in a bigger Key-Info field.
However, we were trying to be algorithm indepedent whenever possible
and thus attempt to keep separate the per-submission and per-recipient
data items.
Steve