PEM allows a message to only state the issuer name and serial number
of the sender, in the Originator-ID-Asymmetric field. I know you can
use X.500 directories to look up a user's certificate based on their
distinguished name, but how would I use X.500 to look up a certificate
based on the issuer DN and serial number?

If the answer is "you don't", then how am I supposed to make use of an
Originator-ID-Asymmetric field? Do I have to send a mail message to the
issuer (whose email address I don't know)?

(These difficulties may be an argument to strongly discourage using
just an Originator-ID-Asymmetric field unless you know the recipient
already has the certificate.)
- Jeff