The "Issuer-Certificate:" encapsulated header field is meaningful only when asymmetric key management is used for at least one of a message's recipients. A typical "Issuer-Certificate:" field would contain the certificate containing the public component used to sign the certificate carried in the message's "Originator-Certificate:" field, for recipients' use in chaining through that certificate's certification path. Other "Issuer-Certificate:" fields, typically representing higher points in a certification path, also may be included by an originator. It is recommended that the "Issuer- Certificate:" fields be included in an order corresponding to successive points in a certification path leading from the originator to a common point shared with the message's recipients (i.e., the Internet Certification Authority (ICA), unless a lower Policy Certification Authority (PCA) or CA is common to all recipients.) More information on certification paths can be found in RFC 1422.
The certificate is represented in the same manner as defined for the "Originator-Certificate:" field (transporting an encoded representation of the certificate in X.509 [7] DER form), and any "Issuer-Certificate:" fields will ordinarily follow the "Originator- Certificate:" field directly. Use of the "Issuer-Certificate:" field is optional even when asymmetric key management is employed, although its incorporation is strongly recommended in the absence of alternate directory server facilities from which recipients can access issuers' certificates.