Re: More than one signer - again

I really don't see why having more than one SignatureValue inside a
Signature does much more than cause confusion. You generally want
different KeyInfo for each Signature anyway.  I think the difficulty
from your previous message, appended at the end of this, is the
assumption that the data being signed need to be Objects inside as
Signature. There is no reason you can't make something like

<Package>
	<Stuff>....</Stuff>
	<Nonesense>...</Nonesense>
	...
	<Signature>
		<SignedInfo>
			Refs to Stuff&Nonesense
		</SignedInfo>
		<SignatureValue>user A</SignatureValue>
	</Signature>
        <Signature>
                <SignedInfo>
                        Refs to Stuff&Nonesense
			Possibly a ref to user A Siganture
                </SignedInfo>
                <SignatureValue>user B</SignatureValue>
        </Signature>
        <Signature>
                <SignedInfo>
                        Refs to Stuff&Nonesense
                        Possibly a ref to user A Siganture
                </SignedInfo>
                <SignatureValue>user C</SignatureValue>
        </Signature>
</Package>

(Since you said A signs it and then hands it to B&C, B&C might want to
also sign A's siganture.)

The above leaves out the possible KeyInfo elements which might also
be signed. While it is probably not worth it for just two elements
like Stuff and Nonsense, if you were signing a bunch of things,
you would probably create a
    <Manifest>
	References to each of the things in the bunch
    </Manifest>
which could also be outside of any Signature element and just
have one reference inside the Signature SignedInfo's to this
Manifest.

Donald

From:  Jesper Lillesoe <frogskins@lycosmail.com>
Message-Id:  <5.0.2.1.0.20010607105415.0385ea28@pop3.freepaq.dk>
Date:  Thu, 07 Jun 2001 11:06:29 +0200
To:  <w3c-ietf-xmldsig@w3.org>
In-Reply-To:  <000701c0ea9f$4c275680$01000001@rgm.dk>

>Hi
>
>I have a simple question:
>
>The DTD (or Schema if you like) says that there must be one and only one 
><SignatureValue> element.
>
>Is it a problem to say that there can be one or more <SignatureValue>? 
>Would it introduce anything else than flexibility? It surely would help me 
>a lot, and (I think) make it more applicable.
>
>Thanks in advance,
>
>/Jesper

Message-ID: <000701c0ea9f$4c275680$01000001@rgm.dk>
From: =?iso-8859-1?Q?Jesper_Lilles=F8?= <frogskins@lycosmail.com>
To: <w3c-ietf-xmldsig@w3.org>
Date: Fri, 1 Jun 2001 15:32:23 +0200
Subject: More than one signer - again

Hi again,

The theme came up again...

The scenario is:

Person A creates a "package" of one or more documents. The package could
constitue a contract where the documents are descriptions and
specifications. The person A wants person B and C to sign the contract
(package) together with him, so he signs it himself and sends it to person B
and C.

It is important that when all (A, B, and C) have signed, it should be
possible to have one package with all documents and signatures - just like
any other contract in real life.

I wonder how this should be done?

In a previous answer on this list (to a similar situation) "Donald E.
Eastlake 3rd" <dee3@torque.pothole.com> sugested that (quote):

"If these are separate signatures by separate signers over the document then
you need separate Signature elements. Under some circumstances you can
abbreviate a bit by moving a length Reference list to a Manifest or using
the RetrievalMethod feature of KeyInfo."

This means that I would construct a "package" like (abbreviated):

------------------------------------
<Package>
  <Signature>
    <SignedInfo>
      (references contained objects)
    </SignedInfo>
    <SignatureValue>
       (of person A)
    </SignatureValue>
    <Object Id="file1.doc">
       (Base64 encoded file)
    </Object>
    <Object Id="file2.doc">
       (Base64 encoded file)
    </Object>
  </Signature>
  <Signature>
    <SignedInfo>
      (references the object from the first)
    </SignedInfo>
    <SignatureValue>
       (of person B)
    </SignatureValue>
  </Signature>
  <Signature>
    <SignedInfo>
      (references the object from the first)
    </SignedInfo>
    <SignatureValue>
       (of person C)
    </SignatureValue>
  </Signature>
</Package>
------------------------------------

This creates asymmetry in the signatures as it somehow "says" that the first
Signature is special (and it is not). You could say that I could include all
the Objects in all of the Signatures, but this is not a nice solution with
large Objects.

Why not let there be more than one SignatureValue? This would reflect the
real world where documents seldom are signed by only one. Would it create
problems?

Regards,
/Jesper

Received on Thursday, 7 June 2001 09:24:50 UTC