Originator-ID encapsulated header fields identify a message's
originator and provide the originator's IK identification component.
Two varieties of Originator-ID fields are defined, the "Originator-
ID-Asymmetric:" and "Originator-ID-Symmetric:" field. An
"Originator-ID-Symmetric:" header field is required for all PEM
messages employing symmetric key management. The analogous
"Originator-ID-Asymmetric:" field, for the asymmetric key management
case, is used only when no corresponding "Originator-Certificate:"
field is included.
Most commonly, only one Originator-ID or "Originator-Certificate:"
field will occur within a message. For the symmetric case, the IK
identification component carried in an "Originator-ID-Symmetric:"
field applies to processing of all subsequent "Recipient-ID-
Symmetric:" fields until another "Originator-ID-Symmetric:" field
occurs. It is illegal for a "Recipient-ID-Symmetric:" field to occur
before a corresponding "Originator-ID-Symmetric:" field has been
provided. For the asymmetric case, processing of "Recipient-ID-
Asymmetric:" fields is logically independent of preceding
"Originator-ID-Asymmetric:" and "Originator-Certificate:" fields.
Multiple Originator-ID and/or "Originator-Certificate:" fields may
occur in a message when different originator-oriented IK components
must be used by a message's originator in order to prepare a message
so as to be suitable for processing by different recipients. In
particular, multiple such fields will occur when both symmetric and
asymmetric cryptography are applied to a single message in order to
process the message for different recipients.
Originator-ID subfields are delimited by the comma character (","),
optionally followed by whitespace. Section 5.2, Interchange Keys,
discusses the semantics of these subfields and specifies the alphabet
from which they are chosen.