After a quick look at the ASN.1 I've noticed the following:
1. The definition of SignedData includes
    crls [1] IMPLICIT CRLs OPTIONAL
but no definition for CRLs is provided. A definition for the old PKCS #7
CertificateRevocationLists is provided in section 7.1. Either section
7.1 should be changed to define CRLs or the SignedData definition should be
changed to use CertificateRevocationLists. I suggest changing the SignedData
definition to use the existing PKCS #7 definition.
2. Section 5.2 includes
    signatureAlgorithm signatureAlgorithmIdentifier
"signatureAlgorithmIdentifier" should be SignatureAlgorithmIdentifier, with
an upper case "S".
3. Section 7.7 includes
    serialNumber CertificateSerialNumber
PKCS #7 says that CertificateSerialNumber is imported from X.509, but the
1988 X.509 spec doesn't include a definition for CertificateSerialNumber.
It defines "SerialNumber". This should be changed to SerialNumber unless
CertificateSerialNumber is defined in a later version of X.509.
4. In section 7.9 a definition for Version is included. Version is defined
in X.509, so maybe it could be included from X.509 instead of adding a
definition here.
FWIW,
----->
Scott Hollenbeck
Xerox Special Information Systems
Arlington, Virginia USA