Just a "minor" clarification. Mark says:
Certificates are part of a hierarchy which eventually leads to a
"root" certificate that you trust. In the Internet model, this would
be the Internet PCA Registration Authority (IPRA) certificate. So,
you must have the originator's certificate as well as the chain of
certificates up to the "root" (IPRA) for you to verify the
originator's signature. It turns out you also need the current
Certificate Revocation List (CRL) from each issuer in the chain to
insure that none of the otherwise valid certificates have been
revoked, but let's side-step that for now.
I claim that "current" in this context means "current as of the
time that you received the message" which hopefully is
approximately contemporaneous to the time the message
was created.
If the certificates are not valid at the time you receive the
message, you are at least notified of that fact, and can go
back to the originator and ask him to resign the message with
a current certificate. But if you come across a message without
the certificates and the original CRL list in some dusty archive,
you have a real problem in trying to decide whether the message is
credible.
If you archive the message without archiving both the
certificates and the CRL which proves that at least at the
time of receipt of the message the sender was legimate
and had not revoked his certificate, you may not be
able to verify the message at a later time.
This subject has been argued before, but I am not certain
that there was a widespread recognition of this principle:
ONCE VALID PEM MESSAGES SHOULD BE VERIFIABLE
FOR ALL TIME.
Even if my key is compromised or I no longer work for my current
employer, that must not invalidate my previous messages. If the
originator of the message is allowed to revoke his
own certificate at some time in the future, not holding
him responsible for his previous messages would be
like writing a contract in disappearing ink.
Regardless of whether the certificates are included in the
PEM message or not, it would behoove anyone who receives
a message to retrieve the relevant certificates and current CRL
from whatever source is presently being used, and save them along
with the message.
Unfortunately, although PEM would allow you to store the certificate
in the messagew even if it hadn't been included originally, I don't know
of a way to include the valid-at-the-time CRL.
I also think that it is highly unfortunate that the PCAs are not required
to keep all previous versions of the CRLs, just for this reason.
Finally, this brings up the unpleasant issue of a trusted date/time, but
presumably some form of notarization (either by a human agent directing
his PEM implementation, or else some trusted daemon) will solve this issue.