You are precisely correct -- the second person must duplicate the signedinfo
block and create their own signature. If the second person wanted to also
sign in the first signature (a very common case) they would add a new
ObjectReference to their own signature block.
jim
> -----Original Message-----
> From: Joseph M. Reagle Jr. [mailto:reagle@w3.org]
> Sent: Thursday, October 28, 1999 5:19 PM
> To: David Solo
> Cc: IETF/W3C XML-DSig WG
> Subject: Easy to have multiple signatures?
>
>
> I was trying to represent the present spec [1] as clearly as
> possible in
> terms of modelling [2] what we area trying to specify and hit
> a question
> based on the following:
>
> <Signature>
> (SignedInfo)
> (SignatureValue)
> (KeyInfo)?
> (Object)*
> </Signature>
>
> Given you can only have one SignatureValue in a Signature,
> than all elements
> within KeyInfo (perhaps a KeyName and a KeyValue) are related
> by identity,
> or they are all supposed to be about the same key basically.
>
> If you want more than one signature (I and Don signed it), you have to
> construct a whole new signature block, right? Or is it
> possible to hang more
> than one (KeyInfo, SigValue) pair off the same SignedInfo via
> a reference to
> it?
>
>
> [1] http://www.w3.org/TR/1999/WD-xmldsig-core-19991022.html
> [2] http://www.w3.org/Signature/Drafts/xmldsig-datamodel-19991025.gif
>
> _________________________________________________________
> Joseph Reagle Jr.
> Policy Analyst mailto:reagle@w3.org
> XML-Signature Co-Chair http://w3.org/People/Reagle/
>