It is generally inadvisable to sign arbitrary message digest values. These
values potentially have associated meaning which may be damaging to the
signing entity in various contexts and for which the signing entity should
be able to repudiate. For example, message digest may correspond to an
unseen digital contract.
Because a CMS countersigning process might not check the message digest
value presented for serial signature against the corresponding message
content, it can be duped into signing an undesirable message digest value.
I would like to require the validation of the signature value prior to
counter signing it. However, this is not a PKCS#7 v1.5 requirement. Does
anyone have an objection to requiring a counter-signer from validating the
signature value prior to signing it?
If requiring the validation of the presented value is unacceptable, then
some counter-signer-generated data (such as a random nonce or time stamp
attribute) should be included in the counter-signed data. Note that the
input to this process should be different than for a regular signature with
authenticated attributes or the problem will remain.
Russ