You can actually do this with the mechanisms provided by the current I-D. The
first person creates the message and applies MIC-ONLY PEM to it. The result is
a multipart/pem. The second person reads it, approves of it (either with or
without comment).He then creates a new message, containing the signed original
as a subpart, and MIC-ONLY PEMs that. Presto -- two signatures. This can be
repeated as often as necessary.
This can of course be done but is not as compact nor as seemless as desired.
What I had in mind was maybe a mechanism by which the 2nd and later signatures
were done via an additional digest of the original msg. + comments if any,
encrypted with the 2nd signer's private component, etc.
I agree that support for multiple signers under whatever context is an
important
area to standardize on. Whether it's within the domain of PEM is another
question as you've noted. I am tempted to say it is. And personally, I would
like to see it supported with a minimal of MIME encapsulation. (I am quite
happy with the technique proposed for handling binary data using MIME
encapsulation because it was a minimal encapsulation.)
-Ray