Cryptographic Message Syntax (CMS) SignedData includes the SignerInfo structure to convey per-signer information. SignedData supports multiple signers and multiple signature algorithms per signer with multiple SignerInfo structures. If a signer attaches more than one SignerInfo@ there are concerns that an attacker could perform a downgrade attack by removing the SignerInfo(s) with the 'strong' algorithm(s). This document defines the multiple-signatures attribute@ its generation rules@ and its processing rules to allow signers to convey multiple SignerInfo objects while protecting against downgrade attacks. Additionally@ this attribute may assist during periods of algorithm migration.
RFC 5752-2010 history
2010RFC 5752-2010 Multiple Signatures in Cryptographic Message Syntax (CMS)