Forwarded message:
From: "Charles W. Gardiner" <gardiner(_at_)BBN(_dot_)COM>
To: TCJones(_at_)dockmaster(_dot_)ncsc(_dot_)mil
Cc: pem-dev(_at_)TIS(_dot_)COM
Subject: Signature Significance
I think you misunderstood me. When I wrote "When a person signs the whole
document, he/she essentially affixes his/her signature in all the places, and
in all roles, where his/her name appears." I did not mean that the
signature(s) would appear anywhere "in" the document. The signature would be
separate but would "cover" the entire document. That would mean that I, as
signer, have "signed" in every place where my name appears in a "signature
line", If I appear in several roles and I have different certificates for
those roles, then I would have to sign the document with my secret key for
each of those roles. Multiple signatures may be accommodated by "nesting"
them. Once I have signed the document, no one can change the places where my
name appears, or does not appear, without invalidating my signature.
Personally I don't see how this discussion is at all relevant! The PEM RFC's
provide a mechanism for transporting information that can be shown to have
certain properties. The main one is that the message has not been tampered
with. The cert used to sign the DIGEST has NO conextion with the information
contained within the message body. The above discussion would only have merit
if the message body stated that it came from a particular author and the
author also signed the DIGEST else there cannot be any link between the two.
Pete