ietf-openpgp

Re: Let's finish up 0x50 "notary" signatures

2003-10-29 23:07:38

Casting a vote from the cheap seats, I think signatures-in-subpackets
are an elegant option for 3rd-party signatures on single signatures.
I suggest inserting the following (or something similar) to 5.2.4:

When a signature over a V4 signature is issued as a subpacket, the
body of hash data consists of the same data that the (parent) V4
signature used to build its own hash, that is, the parent's version,
type, public key algorithm, hash algorithm, and hashed subpacket
material (length header and subpackets).

and changing the beginning of the existing signature-on-a-signature
paragraph in the same section to make it clear that different rules
apply to "sub-signatures":

< When a signature is made over a signature, the hash data.. 
---
When a signature is issued over a signature packet, the hash data..

Rounding out thoughts on 0x50,

Removing the canonical header replacement for external signing of
signatures would make it easier to work with many notarized
signatures. This probably steps on toes, though.

The ability to construct nice (10.2) messages using multiple/nested
0x50 signatures on fixed signature data (I suggest adding
functionality to the one-pass packet 'nest') would allow complete
expression of 0x50 signatures per 5.2.1 (as opposed to keeping them
detached or on a per-signature basis in subpackets). Additionally, I
think the "signed and notarized document" deserves the same degree of
clout (that only a bona fide message has) as a normal "signed
document."

Happy days, 
poiboy
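
The hash input described in the proposed 5.2.4 text above, as an added example that is not part of the original message or of any OpenPGP implementation. The function names, the constructed sample subpackets, the use of SHA-256, and the choice to hash only the listed fields (no document data, no trailer) are assumptions made for illustration.

```python
import hashlib
import struct

def notary_hash_data(sig_body: bytes) -> bytes:
    """Octets of a parent V4 signature body that the proposed text lists as
    hash data: version, type, pubkey algo, hash algo, hashed-subpacket
    length header, hashed subpackets."""
    if len(sig_body) < 6:
        raise ValueError("truncated signature packet body")
    if sig_body[0] != 4:
        raise ValueError("not a V4 signature: no hashed subpacket area")
    (hashed_len,) = struct.unpack(">H", sig_body[4:6])
    end = 6 + hashed_len
    # The 2-octet unhashed-subpacket length must still follow the hashed area.
    if end + 2 > len(sig_body):
        raise ValueError("hashed subpacket length runs past the packet body")
    return sig_body[:end]

def build_v4_body(sig_type, pk_algo, hash_algo, hashed, unhashed):
    """Assemble a constructed V4 signature body; the trailing zero octets
    stand in for the 16-bit hash prefix and the signature MPIs."""
    return (bytes([4, sig_type, pk_algo, hash_algo])
            + struct.pack(">H", len(hashed)) + hashed
            + struct.pack(">H", len(unhashed)) + unhashed
            + bytes(4))

def notary_digest(sig_body: bytes) -> str:
    # Assumption: the notary hashes with SHA-256 and adds nothing else.
    return hashlib.sha256(notary_hash_data(sig_body)).hexdigest()

# Constructed subpackets: length octet, type octet, data.
CREATION_TIME = bytes([5, 2]) + struct.pack(">I", 1067468858)
ISSUER = bytes([9, 16]) + bytes(8)

if __name__ == "__main__":
    parent = build_v4_body(0x00, 1, 8, CREATION_TIME, ISSUER)
    # Same parent with one more unhashed subpacket appended afterwards.
    grown = build_v4_body(0x00, 1, 8, CREATION_TIME, ISSUER + ISSUER)
    print(notary_digest(parent) == notary_digest(grown))
```

Under these assumptions the digest is unchanged when subpackets are added to the parent's unhashed area, so several sub-signatures can sit side by side on one parent. The parent's own signature MPIs are likewise outside the hashed octets.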