Scott:
1. The definition of SignedData includes
crls [1] IMPLICIT CRLs OPTIONAL
but no definition for CRLs is provided. A definition for the old PKCS #7
CertificateRevocationLists is provided in section 7.1. Either section
7.1 should be changed to define CRLs or the SignedData definition should be
changed to use CertificateRevocationLists. I suggest changing the SignedData
definition to use the existing PKCS #7 definition.
Fixed.
2. Section 5.2 includes
signatureAlgorithm signatureAlgorithmIdentifier
"signatureAlgorithmIdentifier" should be SignatureAlgorithmIdentifier, with
an upper case "S".
Fixed.
3. Section 7.7 includes
serialNumber CertificateSerialNumber
PKCS #7 says that CertificateSerialNumber is imported from X.509, but the
1988 X.509 spec doesn't include a definition for CertificateSerialNumber.
It defines "SerialNumber". This should be changed to SerialNumber unless
CertificateSerialNumber is defined in a later version of X.509.
Okay. I droped "Certificate." And I added a sentence about the imports.
Is Name in X.501?
4. In section 7.9 a definition for Version is included. Version is defined
in X.509, so maybe it could be included from X.509 instead of adding a
definition here.
I do not want to get it from there because it nails down the numbers that
are allowed.
Russ