pem-dev

Re: limitations of mime-pem transformation

1994-12-15 22:37:00
I disagree with this statement.  I think a general solution for
signature handling of objects/messages must allow a user to
unambiguously assert the meaning of signatures applied to collections
of information and other signatures.  This is particularly
important if mime-pem is to serve as a building block for protected
objects.


Dave,

It's not clear from your context what the binding time is or how much
generality you're implying when you say the user will assert the meaning of
the signatures.  If you meant there's a published (standard) specific,
limited set of interpretations for multiple signatures, and the sender
merely chooses one of them, then it's certainly reasonable for the receiver
to be prepared to interpret what the sender meant.  On the other hand, if
the sender is allowed to make up an interpretation without prior
arrangement and include the interpretation in his signature block, then we
have an open-ended system which can't work automatically.  Let me try a
semi-realistic example.

Let's suppose you have a fairly simple PEM system and it doesn't know much
about the meaning of multiple signatures.  Now suppose you receive a signed
message with only one signature and an instruction that says, "For contract
values in excess of $25,000, this company requires signatures by two
separate corporate officers."  (I've been sneaky and presented an example
in which multiple signatures play a role and yet the message doesn't
actually contain two signatures.)

What should the recipient understand about this message?  Did you have in
mind that the signature verification process should report that the message
is not validly signed if the amount involved is in excess of $25K, but
otherwise should report the signature is valid?  Even if there were a
language for expressing the constraints, the message would first have to be
received and checked for integrity before the conditions could be
interpreted.  And then how would you determine the validity of the
condition?  It could just as well have the wrong limit, e.g. the check may
have been for $20K and the company rules might really set the limit at
$10K.  The bad guy signs the message and lies about the limit.

==============

The above excursion may take us too far afield.  My point in my earlier
message is that it seems possible to separate the mechanics of multiple
signatures from the interpretation, i.e. the usual mechanism versus policy
split.  If I receive a message with two signatures, even if I check both
signatures, I'll need to know what to do with them.  I believe that it's
not meaningful for the sender to attempt to impose the interpretation;
there has to be agreement beforehand.

Steve


--------------------
Steve Crocker
CyberCash, Inc.                                  Work:  +1 703 620 1222
2086 Hunters Crest Way                           Fax:   +1 703 391 2651
Vienna, VA 22181                                  
crocker(_at_)cybercash(_dot_)com
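The mechanism-versus-policy split Steve describes, as an added example that is not part of the original thread: an HMAC-SHA256 per officer stands in for PEM public-key signatures (an assumption made for a self-contained script, not the PEM mechanism), the officer names, keys and the $10K local threshold are constructed, and the receiver first checks integrity, then applies its own pre-agreed rule while ignoring the limit the sender asserts inside the message.

```python
import hashlib
import hmac
import json

# Constructed stand-in for PEM signatures: each officer holds a secret key and
# an HMAC-SHA256 over the message body plays the role of that officer's
# signature.  Only the mechanism/policy split is being illustrated.
OFFICER_KEYS = {"cfo": b"cfo-secret", "ceo": b"ceo-secret", "clerk": b"clerk-secret"}


def sign(officer: str, body: bytes) -> str:
    return hmac.new(OFFICER_KEYS[officer], body, hashlib.sha256).hexdigest()


def verify_signatures(body: bytes, signatures: dict) -> set:
    """Mechanism only: which claimed signers really signed this exact body."""
    valid = set()
    for officer, sig in signatures.items():
        key = OFFICER_KEYS.get(officer)
        if key is not None and hmac.compare_digest(
            sig, hmac.new(key, body, hashlib.sha256).hexdigest()
        ):
            valid.add(officer)
    return valid


# Policy agreed beforehand and held by the receiver.  Whatever limit the
# sender writes into the message is never consulted.
LOCAL_POLICY = {"dual_signature_above": 10_000, "officers": {"cfo", "ceo"}}


def accept_contract(body: bytes, signatures: dict, policy=LOCAL_POLICY):
    """Integrity first, then local policy; returns (accepted, reason)."""
    valid = verify_signatures(body, signatures)
    if not valid:
        return False, "no valid signature"      # policy is never even reached
    contract = json.loads(body)
    officers = valid & policy["officers"]       # a clerk's signature does not count
    needed = 2 if contract["amount"] > policy["dual_signature_above"] else 1
    if len(officers) < needed:
        return False, f"{needed} officer signature(s) required, {len(officers)} present"
    return True, "accepted"


# Constructed samples: a $20K contract whose sender asserts a $25K limit (the
# lie Steve describes) and a small contract that needs one officer only.
CONTRACT = json.dumps({"amount": 20_000, "asserted_limit": 25_000}).encode()
SMALL_CONTRACT = json.dumps({"amount": 5_000}).encode()

if __name__ == "__main__":
    print(accept_contract(CONTRACT, {"cfo": sign("cfo", CONTRACT)}))
```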


