Peter:
You are referring to ESS, RFC 2634, right?
ooops, yes.
In some cases, signatures are serial. In this case, a countersignature
that contains the current Signing Certificate Attribute is sufficient.
In this case, too, the first signer or the document policy might want to
indicate: 'my signature is only valid if there is a countersignature from
"the boss"'.
In other cases, signatures are parallel. I think that your comments apply
to this situation. Here, multiple signer info structures are present, each
with it's own Signing Certificate Attribute. You are looking for a way to
bind two or more signer info structures together. Am I understanding your
concern correctly?
Yes, binding together and making the signature validation fail if not all
necessary signatures are present.