A couple of additional questions for consideration.
1. Consider the message S1(S2(S3(M))) where S2 has an
MLExpansionHistory attribute and S1 has an ESSSecurityLabel attribute.
Under the current processing rules the security label would not be on
the output message of an MLA. Attributes on S2 are preserved, but not
those on S1. Does this need to be changed?
2. Are there any other attributes for which this needs to be changed as
3. If you have the message S1(S2(E1(S3(M)))), if S1 or S2 contains an
ESSSecurityLabel attribute it would be preserved only if there was an
MLExpansionHistory attribute in the same signature layer.
4. Are there any other attributes that need to be preserved here as
5. There is a rule that states all attributes need to be kept unless
replaced. This needs to be modified to exclude the
id-aa-SigningCertificate attribute. If this element is not replaced but
copied then the signature of the MLA SHOULD fail validation. Can
anybody else think of attributes for which this is also true?
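
Added example, not part of the original message and not taken from the ESS specification: a simplified Python model of the processing rule as questions 1, 3 and 5 describe it, showing when an ESSSecurityLabel reaches the MLA's new signature layer. The function names, the layer representation, stopping the search at the first encryption layer, and carrying nothing when no layer has an MLExpansionHistory are assumptions made for illustration.

```python
# Simplified model of the MLA rule discussed in the message (an assumption,
# not the specification text). Layers are listed outermost first.
HISTORY = "MLExpansionHistory"
LABEL = "ESSSecurityLabel"
SIGNING_CERT = "id-aa-SigningCertificate"
# Question 5: this attribute must be replaced by the MLA, never copied.
MUST_REPLACE = {SIGNING_CERT}


def sig(name, *attrs):
    """A signature layer with its signed attributes (hypothetical helper)."""
    return {"name": name, "kind": "signed", "attrs": set(attrs)}


def env(name):
    """An encryption layer (hypothetical helper)."""
    return {"name": name, "kind": "enveloped", "attrs": set()}


def mla_process(layers):
    """Return (names of stripped outer layers, attributes carried over)."""
    outer = []
    for layer in layers:
        if layer["kind"] != "signed":  # assumption: search stops here
            break
        outer.append(layer)
    for i, layer in enumerate(outer):
        if HISTORY in layer["attrs"]:
            # Layers outside the history layer are dropped with their
            # attributes; the history layer's attributes are kept.
            stripped = [l["name"] for l in outer[:i]]
            return stripped, layer["attrs"] - MUST_REPLACE
    return [], set()  # assumption: no history layer, nothing carried


def label_on_mla_layer(layers):
    """True if the security label ends up on the MLA's signature layer."""
    return LABEL in mla_process(layers)[1]


# Constructed messages matching questions 1 and 3.
Q1 = [sig("S1", LABEL, SIGNING_CERT), sig("S2", HISTORY, SIGNING_CERT), sig("S3")]
Q3_SAME = [sig("S1"), sig("S2", HISTORY, LABEL), env("E1"), sig("S3")]
Q3_SPLIT = [sig("S1", HISTORY), sig("S2", LABEL), env("E1"), sig("S3")]
```
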