Implementation points which have arisen:
(1) is it reasonable to assume that the hex representation of (128-bit)
serial numbers are signed quantities, requiring the BER-style-Integer
preprended 0 octet?
(2) in the case of MIC-ONLY message, where the originator signs the text
under multiple (different) aegis and therefore providing alternative
id-asymmetric/originator-certificate + suggested issuer-certificates to
all recipients, the MIC-Info to be used by a given recipient is
presumably determined hueristically. Should all signatures be verified
in order to assert integrity, for safety?
Is protocol and service support for this feature mandatory for
PEM-conformance?