+ a third party, for example from Certification Authority. If
+ there are more than one ATTRIBUTE_USER_PUBLIC_KEY attributes set
+ and ATTRIBUTE_USER_DIGITAL_SIGNATURE is also set, the digital
+ signature SHOULD be verifiable with the first set public key.