Introduction S/MIME (Secure/Multipurpose Internet Mail Extensions) v3.2@ described in [SMIME-MSG]@ provides a method to send and receive secure MIME messages. Before using a public key to provide security services@ the S/MIME agent MUST verify that the public key is valid. S/MIME agents MUST use PKIX certificates to validate public keys as described in the Internet X.509 Public Key Infrastructure (PKIX) Certificate and CRL Profile [KEYM]. S/MIME agents MUST meet the certificate processing requirements documented in this document in addition to those stated in [KEYM]. This specification is compatible with the Cryptographic Message Syntax (CMS) RFC 5652 [CMS] in that it uses the data types defined by CMS. It also inherits all the varieties of architectures for certificate-based key management supported by CMS.