Phil,
I agree with your comments which are consistent with those of Russ Housley.
In summary, I agree that SignerInfo unauthenticatedAttributes should not be
defined as "Attributes", but rather as UnauthAttributes as follows:
UnauthAttributes ::= SET OF UnauthAttribute
UnauthAttribute ::= SEQUENCE {
attrType OBJECT IDENTIFIER,
attrValues SET OF AttributeValue }
AttributeValue ::= ANY
================================
John Pawling
jsp(_at_)jgvandyke(_dot_)com
J.G. Van Dyke & Associates, Inc.
================================