In any case, it is comforting to know that you only use a bare key in the
particular case of the recipient_ID. And based on what you have said, although
you have a preference, I assume that the world would not stop if you decided
to adopt the issuer/serial convention.
You are right. The world would not stop. For RFC 1422 compatibility
mode (i.e. a centralized hierarchy) RIPEM does use the issuer/serial
of the certificate from the recipient's issuer, of course. Using the
public key was just a preferred mode when strict PEM is not required.
For the "direct trust" mode (no third-party issuer) you suggest using
the issuer/serial from the recipient's self-signed certificate. This
could work, but RIPEM doesn't presently store other people's
self-signed certificates, since there has not been a need so far. But
it's not a big change. (Actually what RIPEM does in
1422-compatibility mode is include a Recipient-ID entry for every
issuer/serial that it can find for the recipient, in case the
recipient is certified under different issuers. If the self-signed
certificate were in the database, this issuer/serial would appear
also, making your suggestion work.)
- Jeff