|
I
have a question for the group concerning attribute certificates. Is
there an accepted location to put an attribute certificate associated with the
signer in the SignedData data structure?
I have a SignedData object and I’m considering putting an attribute
certificate associated with the signer in the ‘certificates’ field of
SignedData in addition to the PKC of the signer. Is
that a “philosophically correct” location? I have some concern about standard decoders being able to
successfully decode the SignedData structure if includes an attribute
certificate. Other options include
burying the certificate in the encapsulated content or including it as a Signed
or UnSigned attribute. I’d
appreciate any advice and or lessons learned that you can offer. Thanks in advance. Chris
Francis |