ietf-smime

Re: Signed Label (was RE: 'Signature Purpose' attribute?)

1998-04-14 09:33:29
From: Paul Hoffman / IMC <phoffman(_at_)imc(_dot_)org>

In your scenario, the processing software
has no idea which label was applied by the original signer.

If your purpose is for an outer signature to "notarize" and bind an
inner signature/label to inner content, then you must use wrapped
signatures.  I've never seen such a requirement in the context of label
processing.

But if your purpose is to identify which signature/label is applied by
the originator and which by a gateway / MTA / etc, then a lightweight,
flexible mechanism which allows parallel signatures should be an
option.  That was Chris Bonnatti's original point.  One mechanism is
the "Signature Purpose" attribute referred to in the subject line which
would identify one signature as the originator's.  Another mechanism is
for the gateway's certificate to restrict its signature from being
interpreted as a message originator's.

The point is that if:
  1) you don't have/support a suitable signature purpose mechanism, and
  2) your security policy requires you to identify the originator's label
     in order to give it special treatment over all other labels,
then you can still use the left message with signature wrapping to
identify the originator.  If either of those is false, then you are
able to use either wrapped or parallel signatures.  There is no need
for an arbitrary "labels must be identical" restriction which as a side
effect forces you to always use wrapped signatures.

Note: even with the left message, there is no way to determine the
message originator if multiple signatures contain identical labels.
So the Signature Purpose attribute is useful even with the label
restriction.
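
The cases argued in this message, as an added example that is not part of the original message or of any S/MIME implementation: a simplified Python model (no CMS parsing) of when a receiver can single out the originator's signature and label. The `Signer` fields, the purpose value `"originator"` and the `cert_may_originate` flag are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Signer:
    name: str
    label: str
    purpose: Optional[str] = None    # assumed "Signature Purpose" value
    cert_may_originate: bool = True  # False: cert bars originator interpretation


def identify_originator(layers: List[List[Signer]]) -> Optional[Signer]:
    """Return the originator's signer, or None when it cannot be determined.

    layers[0] is the innermost SignedData; each layer lists its parallel signers.
    """
    if not layers or not layers[0]:
        return None
    # Mechanism 1: an explicit purpose attribute marks one signature.
    marked = [s for layer in layers for s in layer if s.purpose == "originator"]
    if marked:
        return marked[0] if len(marked) == 1 else None
    # Mechanism 2 and wrapping: only innermost signers whose certificate
    # permits it are candidates; more than one candidate is ambiguous.
    candidates = [s for s in layers[0] if s.cert_may_originate]
    return candidates[0] if len(candidates) == 1 else None


# Constructed sample signers.
alice = Signer("alice", "SECRET")
bob = Signer("bob", "SECRET")
gateway = Signer("gateway", "CONFIDENTIAL")
alice_marked = Signer("alice", "SECRET", purpose="originator")
gateway_restricted = Signer("gateway", "CONFIDENTIAL", cert_may_originate=False)

if __name__ == "__main__":
    cases = {
        "parallel, no mechanism": [[alice, gateway]],
        "parallel, purpose attribute": [[alice_marked, gateway]],
        "parallel, restricted gateway cert": [[alice, gateway_restricted]],
        "wrapped": [[alice], [gateway]],
        "identical labels, no purpose": [[alice, bob]],
        "identical labels, purpose attribute": [[alice_marked, bob]],
    }
    for name, layers in cases.items():
        found = identify_originator(layers)
        print(f"{name}: {found.name if found else 'undetermined'}")
```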
