Tim Dean said:
A neat solution would be to define another authenticated attribute, something like 'signature reason', which would be some kind of enumerated type. Reasons could be 'Authenticate E-mail sender', 'Authenticated data', etc. Depending on the reason, other attributes would be included in the signature.

Without this, I could envisage a situation of having S/MIME signed a local file for my own private purposes, and someone sends it off in a mail, followed by an interesting non-repudiation debate...

We did this in ANSI X9.45, as well as a medical informatics signature standard. The "signature purpose" attribute was an object ID, rather than an enumeration, to allow for easy addition of new (possibly application-specific) purposes.

Regards,
Rich