I'm rather against such a construction. I'm more in favor of messages sent
without the corresponding key (relying on some kind of local key database.
This is probably due to my pgp backgorund :-)
I'm basically neutral on this issue, but if there's opposition to the idea I
think we should abandon it.
Also I (again) feel like the "next" parts could be used for additional
signature parts, and even though I can see how to move the key-data out of
the security part, I fail to see how to move additional signatures out of it
(without forcing nested sigs). Of course it might be possible to mix sigs
and key data parts...
Good point. The use of multiple signatures at the same level is appealing, I
agree, although the multipart mechanism does make it strictly unnecessary. On
the other hand, an arbitrarily nested multipart in the key-data position may be
too much...
Ned