Hello,

As I understand CMS RFC 2630 and ESS RFC 2634, it is possible to create a SignedData with multiple signers (one signedData with multiple signerInfos). Say one of these signers has included a ReceiptRequest in his signedAttributes. How would another (subsequent) signer also add a ReceiptRequest or modify the existing one?

It looks like there is no provision for this. The first signer to request a receipt pre-empts any other signer who may wish a different receipt request. The receipt request itself cannot be modified because it is a signed attribute. Can subsequent signers pretend to be an MLAgent and add an mlReceiptPolicy?

Also, I find myself confused by statements in sections 2.2.1 and 2.3 from the ESS RFC. These are highlighted by asterisks below.

ESS 2.1 Signed Receipt Concepts
The originator of a message may request a signed receipt from the message's recipients.

ESS 2.2 Receipt Request Creation

<snip>
Only one receiptRequest attribute can be included in the signedAttributes of a SignerInfo.

ESS 2.2.1 Multiple Receipt Requests

There can be multiple SignerInfos within a SignedData object, and each SignerInfo may include signedAttributes. Therefore, a single SignedData object may include multiple SignerInfos, each SignerInfo having a receiptRequest attribute. For example, an originator can send a signed message with two SignerInfos, one containing a DSS signature, the other containing an RSA signature.

Each recipient SHOULD return only one signed receipt.

/***Not all of the SignerInfos need to include receipt requests, but in all of the SignerInfos that do contain receipt requests, the receipt requests MUST be identical.***/

The "different people" are not making different requests? They're just copying the first person's receipt request?

Thanks for your help,

- Lnr

____________________________________________
Lnr Foley
Baltimore Technologies
Web: http://www.baltimore.com
_____________________________________________