From: jsp(_at_)jgvandyke(_dot_)com (John Pawling)
To get back to your original rebuttal, if the intermediate entity adds the
outer signedData, then IMHO it is not a contentReviewer, it is a
contentOriginator because it is creating a new signedData object.
Therefore, I believe that my comment still stands.]
I find it hard to accept that a release authority, which may add a label
as part of it's processing, is a content originator. Capturing the
distinction between signing something that you wrote and signing something
that someone else wrote is precisely the reason for defining a
signaturePurpose extension. It doesn't matter whether the contentReviewer
adds a parallel signature, a wrapped signature, or a countersignature -
it's still a reviewer, not an originator.
I'm not averse to removing the example; it's just an illustration of the
possibilities. If it causes more confusion than it dispels, then it
should go. But I think the case where a reviewer adds another wrapping
layer with a label is legitimate, and does not contradict ESS.