That would match the P-Mode latest
version:
PMode[1].Security.X509.Sign
PMode[1].Security.X509.Sign.Element[]
PMode[1].Security.X509.Sign.Attachment[]
where each one of the two last parameters can handle a list of parts.
Same set of P-Mode
parameters exist with Encryption instead of
Sign.
-J
http://www.oasis-open.org/apps/org/workgroup/ws-sx/email/archives/200702/msg00008.html
that requests:
Add to sp:SignedParts and sp:EncryptedParts sp:SignedParts/Attachment
and sp:EncryptedParts/Attachment respectively.
and was submitted by
Frederick Hirsch of Nokia
{As far as I can tell it is public or OASIS member accessible link }
The remaining policy features that are not documented pertain to whether signing should be done before or after encryption.
Concerns that pertain to this policy selection are replay/reuse (potential cut and paste of signed material and signature), traffic analysis (if identity is revealed by signature), etc.