I was working closely with the certificates from the examples draft
(closely meaning "importing them into my own code and Outlook Express
and seeing what happened"). The following certificates do not have an
email address in a subjectAltName extension:

    AliceRSASignByCarl
    BobRSASignByCarl
    DianeRSASignEncryptByCarl

Was it a conscious decision to omit the email address from these
certificates?

If we were to repair this, I don't believe it would affect anything
other than the certificates themselves. Their subjectKeyIdentifier,
issuer and serialNumber fields would not be changed, so any CMS bodies
that referenced those certificates would not need to be updated. The
fix, of course, would be to add a subjectAltName extension with the
email address corresponding to that certificate.

I recommend that we add the email address to these certificates.
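
The check described in the message, as an added example that is not part of the original post or the examples draft: a stdlib-only DER walk that lists the rfc822Name entries in a certificate's subjectAltName and returns the issuer, serialNumber and subjectKeyIdentifier that CMS bodies use to reference it. The helper names, the skeleton certificates (dummy names, key and signature) and the address user@example.com are constructed for illustration.

```python
# Added example: stdlib-only DER walk over constructed skeleton certificates.
SAN_OID = bytes([0x55, 0x1D, 0x11])  # 2.5.29.17 subjectAltName
SKI_OID = bytes([0x55, 0x1D, 0x0E])  # 2.5.29.14 subjectKeyIdentifier

def tlv(tag, body):
    """Encode one DER TLV with a definite length."""
    n = len(body)
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag]) + (bytes([n]) if n < 0x80 else bytes([0x80 | len(raw)]) + raw) + body

def children(data):
    """Yield (tag, value) for each TLV concatenated in data (single-byte tags only)."""
    i = 0
    while i < len(data):
        tag, n, i = data[i], data[i + 1], i + 2
        if n & 0x80:  # long-form length
            k = n & 0x7F
            n, i = int.from_bytes(data[i:i + k], "big"), i + k
        yield tag, data[i:i + n]
        i += n

def cms_identity(cert_der):
    """Return (issuer, serial, ski, emails) parsed from a DER certificate."""
    tbs = list(children(next(children(next(children(cert_der))[1]))[1]))
    if tbs[0][0] == 0xA0:  # drop optional [0] version
        tbs = tbs[1:]
    serial, issuer, ski, emails = tbs[0][1], tbs[2][1], None, []
    for tag, val in tbs:
        if tag != 0xA3:  # only [3] EXPLICIT Extensions is of interest
            continue
        for _, ext in children(next(children(val))[1]):
            parts = list(children(ext))  # OID, optional critical flag, OCTET STRING
            inner = next(children(parts[-1][1]))[1]
            if parts[0][1] == SKI_OID:
                ski = inner
            elif parts[0][1] == SAN_OID:  # rfc822Name is GeneralName choice [1]
                emails = [v.decode("ascii") for t, v in children(inner) if t == 0x81]
    return issuer, serial, ski, emails

def sample_cert(email=None):
    """Constructed skeleton: dummy names, key and signature; not a certificate from the draft."""
    name = lambda cn: tlv(0x30, tlv(0x31, tlv(0x30, tlv(0x06, b"\x55\x04\x03") + tlv(0x0C, cn))))
    exts = tlv(0x30, tlv(0x06, SKI_OID) + tlv(0x04, tlv(0x04, bytes(range(20)))))
    if email:
        exts += tlv(0x30, tlv(0x06, SAN_OID) + tlv(0x04, tlv(0x30, tlv(0x81, email.encode()))))
    tbs = (tlv(0xA0, tlv(0x02, b"\x02")) + tlv(0x02, b"\x2a") + tlv(0x30, b"") + name(b"Example CA")
           + tlv(0x30, b"") + name(b"Example User") + tlv(0x30, b"") + tlv(0xA3, tlv(0x30, exts)))
    return tlv(0x30, tlv(0x30, tbs) + tlv(0x30, b"") + tlv(0x03, b"\x00"))

before = cms_identity(sample_cert())
after = cms_identity(sample_cert("user@example.com"))
print(before[:3] == after[:3], before[3], after[3])
```

An empty email list from cms_identity flags a certificate with no rfc822Name in its subjectAltName, and comparing the first three fields of two versions confirms that existing CMS references still resolve.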