Re: rfc2534 and multiple signing certificate attributes

2001-08-15 06:29:25


You are referring to ESS, RFC 2634, right?
ooops, yes.

In some cases, signatures are serial.  In this case, a countersignature 
that contains the current Signing Certificate Attribute is sufficient.

In this case, too, the first signer or the document policy might want to
indicate: 'my signature is only valid if there is a countersignature from
"the boss"'. 

In other cases, signatures are parallel.  I think that your comments apply 
to this situation.  Here, multiple signer info structures are present, each 
with its own Signing Certificate Attribute.  You are looking for a way to 
bind two or more signer info structures together.  Am I understanding your 
concern correctly?

Yes, binding together and making the signature validation fail if not all 
necessary signatures are present. 

