Bob,
I don't really want to extend this thread on key selectors but I do want
to answer your explicit questions to me on the mailing list.
In the case of Organizational Persons, in RFC1422 it is clear
that the same certificate cannot be certified by two different
CAs, because of the requirement for name subordination.
I haven't checked PEM/MIME to see if they addressed this issue,
and if so how. I suspect it's the same as in classic PEM, Jim?
This is issue is outside the scope of PEM/MIME. If the user is using
certificates, great. The creation, management, verification,
distribution, etc., of certificates is wholly outside the scope of the
PEM/MIME document.
BTW, Jim, do you have a position vis a vis including support for
the minimal content of v3 in this version fo the spec? I.e., the
capability of supporting the extensions only, not the proposed
definitions of what some useful extensions might be?
PEM/MIME is happy to use whatever version of certificate suits the user.
The choice is irrelevant to the support of the PEM protocol and security
services since the specification only cares about the presence of a
public key.
Jim