After talking to John and Jim, I've come up with the following wording
for the mlExpansionHistory processing in section 4.1. This replaces the
current last three paragraphs of that section. Please let me know
whether or not it is complete and OK.
==========
There can be multiple SignerInfos within a SignedData object, and each
SignerInfo may include authenticatedAttributes. Therefore, a single
SignedData object may include multiple SignerInfos, each SignerInfo having a
mlExpansionHistory attribute. For example, an MLA can send a signed message
with two SignerInfos, one containing a DSS signature, the other containing
an RSA signature.
If an MLA creates a SignerInfo that includes an mlExpansionHistory
attribute, then all of the SignerInfos created by the MLA for that
SignedData object MUST include an mlExpansionHistory attribute, and the
value of each MUST be identical. Note that other agents might later add
SignerInfo attributes to the SignedData block, and those additional
SignerInfos might not include mlExpansionHistory attributes.
A recipient MUST verify the signature of the SignerInfo which covers the
mlExpansionHistory attribute before processing the mlExpansionHistory, and
MUST NOT process the mlExpansionHistory attribute unless the signature over
it has been verified. If a SignedData object has more than one SignerInfo
that has an mlExpansionHistory attribute, the recipient MUST compare the
mlExpansionHistory attributes in all the SignerInfos, and MUST NOT process
the mlExpansionHistory attribute unless every mlExpansionHistory attribute
in the SignedData block is identical. If the mlExpansionHistory attributes
in the signerInfos are not all identical, then the receiving agent MUST
stop processing the message and SHOULD notify the user or MLA administrator
of this error condition. In the mlExpansionHistory processing, SignerInfos
that do not have an mlExpansionHistory attribute are ignored.
--Paul Hoffman, Director
--Internet Mail Consortium