Bert,
It appears that a number of the potential reasons for extending the basic
certificate format with PKCS#7 have disappeared with X.509 v3. Although it does
not appear that PKCS #7 is necessarily incompatible with version 3, there is
now a significant amount of overlap. There are also some cases where v3 goes
beyond PKCS#7 in useful ways.
In particular, for applications such as credit card banking, where the acquiring
bank may have to have a number of hardware cryptodevices in order to handle the
throughput and turnaround requirements, it is necessary to have some way of
rapidly identifying which certificate/public key should be used to validate a
message.
The v1 approach was to identify certificates by issuer DN and serial number.
Fond as everyone is of distinguished names :-), this amount of parsing seems
unnecessary when compared to the simple use of a Key Identifier string.
Since according to the PKCS introduction RSA has taken it upon themselves to be
the sole arbiter of these standards, may I ask what you intend to do about
updating the PKCS standards to conform with the revised X.509?
Bob
Robert R. Jueneman
GTE Laboratories
1-617-466-2820 Office
1-508-264-0485 Telecommuting (most often)
1-508-264-4165 FAX