For data, I guess it depends on what type of data Policy we want to support, we currently have an owner plus a list of permissions for other keys, so we need the pk along with the signature to be able to validate.
3 Likes
Ah yes, so unless we try each key then we do need the given key to be included. Makes sense to me 
2 Likes