ietf-smime

Re: 'Signature Purpose' attribute?

1998-03-19 17:49:01
Dave,

"release authority" has different meanings (or no meaning) to various folks.
For example, the DMS organizational releaser (not the drafter) is the
"content originator" of the DMS organizational message.  

Any entity that creates an eSSSecurityLabel different from those included in
the original signedData object MUST create a new outer signedData to contain
the new eSSSecurityLabel and that entity is the original signer of the new
outer signedData. 

In summary, I believe that the example should be removed because it causes
confusion. 

- John Pawling


At 05:59 PM 3/19/98 -0500, David P. Kemp wrote:
From: jsp(_at_)jgvandyke(_dot_)com (John Pawling)

To get back to your original rebuttal, if the intermediate entity adds the
outer signedData, then IMHO it is not a contentReviewer, it is a
contentOriginator because it is creating a new signedData object.
Therefore, I believe that my comment still stands.]

I find it hard to accept that a release authority, which may add a label
as part of its processing, is a content originator.  Capturing the
distinction between signing something that you wrote and signing something
that someone else wrote is precisely the reason for defining a
signaturePurpose extension.  It doesn't matter whether the contentReviewer
adds a parallel signature, a wrapped signature, or a countersignature - 
it's still a reviewer, not an originator.

I'm not averse to removing the example; it's just an illustration of the
possibilities.  If it causes more confusion than it dispels, then it
should go.  But I think the case where a reviewer adds another wrapping
layer with a label is legitimate, and does not contradict ESS.
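The following is an added toy model, not code from the thread or from any ESS implementation, and it does not produce real CMS/DER encodings: HMAC over a JSON serialisation stands in for the signatures, the signer names "drafter" and "releaser", the toy keys and the attribute names `label` and `purpose` are all assumptions for illustration. It shows the structural point the two messages argue over: adding a second SignerInfo inside one signedData cannot change the eSSSecurityLabel (the rule Pawling cites), so a reviewer who needs a different label must wrap the whole inner signedData in a new outer one, and a verifier walking the layers then attributes each label to the signer of that layer, with a signaturePurpose-style attribute recording whether that signer is an originator or a reviewer.

```python
"""Toy model of layered signedData with ESS-style security labels.

Added illustration only: HMAC with constructed per-signer keys replaces
real signatures, JSON replaces DER, and every name here is an assumption.
"""
import hashlib
import hmac
import json
from dataclasses import dataclass

KEYS = {"drafter": b"key-drafter", "releaser": b"key-releaser"}  # constructed
ID_DATA = "id-data"                 # encapsulated content is raw data
ID_SIGNED_DATA = "id-signedData"    # encapsulated content is another signedData


@dataclass
class SignerInfo:
    signer: str
    attrs: dict   # signed attributes: contentType, messageDigest, label, purpose
    sig: str      # hex HMAC over the canonical signed attributes


@dataclass
class SignedData:
    content: bytes            # encapsulated content (may be an encoded SignedData)
    signer_infos: list


def _canon(attrs: dict) -> bytes:
    return json.dumps(attrs, sort_keys=True).encode()


def _sign(signer: str, attrs: dict) -> str:
    return hmac.new(KEYS[signer], _canon(attrs), hashlib.sha256).hexdigest()


def _attrs(content: bytes, content_type: str, label: str, purpose: str) -> dict:
    return {"contentType": content_type,
            "messageDigest": hashlib.sha256(content).hexdigest(),
            "label": label, "purpose": purpose}


def encode(sd: SignedData) -> bytes:
    return json.dumps({"content": sd.content.hex(),
                       "signerInfos": [vars(s) for s in sd.signer_infos]},
                      sort_keys=True).encode()


def decode(blob: bytes) -> SignedData:
    d = json.loads(blob)
    return SignedData(bytes.fromhex(d["content"]),
                      [SignerInfo(**s) for s in d["signerInfos"]])


def sign_content(content: bytes, signer: str, label: str, purpose: str) -> SignedData:
    """Originator's signedData over raw content."""
    attrs = _attrs(content, ID_DATA, label, purpose)
    return SignedData(content, [SignerInfo(signer, attrs, _sign(signer, attrs))])


def add_parallel_signature(sd: SignedData, signer: str, label: str, purpose: str) -> SignedData:
    """Second SignerInfo over the same content inside the same signedData.
    All labels in one signedData must agree, so a different label is refused;
    that is exactly why a label change forces a new outer layer."""
    first = sd.signer_infos[0].attrs
    if label != first["label"]:
        raise ValueError("label differs from existing signers: wrap instead")
    attrs = _attrs(sd.content, first["contentType"], label, purpose)
    sd.signer_infos.append(SignerInfo(signer, attrs, _sign(signer, attrs)))
    return sd


def wrap(inner: SignedData, signer: str, label: str, purpose: str) -> SignedData:
    """New outer signedData whose content is the whole inner signedData,
    inner signatures included. The wrapper's label lives only in the outer layer."""
    blob = encode(inner)
    attrs = _attrs(blob, ID_SIGNED_DATA, label, purpose)
    return SignedData(blob, [SignerInfo(signer, attrs, _sign(signer, attrs))])


def verify(sd: SignedData) -> list:
    """Walk outer -> inner, checking digests, signatures and label agreement.
    Returns one record per layer: that layer's label and its (signer, purpose)s."""
    layers = []
    while True:
        labels = set()
        digest = hashlib.sha256(sd.content).hexdigest()
        for si in sd.signer_infos:
            if si.attrs["messageDigest"] != digest:
                raise ValueError(f"{si.signer}: messageDigest mismatch")
            if not hmac.compare_digest(si.sig, _sign(si.signer, si.attrs)):
                raise ValueError(f"{si.signer}: bad signature")
            labels.add(si.attrs["label"])
        if len(labels) != 1:
            raise ValueError("conflicting labels inside one signedData")
        layers.append({"label": labels.pop(),
                       "signers": [(s.signer, s.attrs["purpose"]) for s in sd.signer_infos]})
        if sd.signer_infos[0].attrs["contentType"] != ID_SIGNED_DATA:
            return layers
        sd = decode(sd.content)
```

Running `verify` on a wrapped message yields the outer layer first, so the releaser's label is attributed to the releaser as reviewer and the drafter's label stays attributed to the drafter as originator; any change to the inner bytes breaks the outer digest before the inner layer is even decoded.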