I think we may have missed the point here slightly.
The issue is that a given attribute in the set of authenticated
attributes is not recognised by the receiver. In order to verify the
sig the receiver needs to have the DER encoding of the unknown
attribute's value part.
It is essential that individual attributes are encoded using DER for
both signature processing and transmission.
It is essential for the SET OF Attribute(s) to be ordered according to
DER for sig processing.
It is not essential for the SET OF Attribute(s) to be ordered according
to DER for transmission as the receiver can reorder them before sig
To summarise, the SET OF Attribute(s) may be BER encoded for
transmission, but the value part of each Attribute (SET OF ANY DEFINED
BY etc) must be ordered and encoded using DER for transmission if
unknown attributes are to be verified properly.
Hope this clears things up a bit.
p.s. I'm going to be offline until the 27th, so I'll catch up with this
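
The receiver-side reordering described in the message above, as an added example that is not part of the original post: it puts the outer SET OF into DER order while treating each Attribute as opaque bytes, which is why an unrecognised attribute must already arrive DER encoded. The helper names, the sample attributes and the made-up OID are constructed for illustration, and only single-byte tags with definite lengths are handled.

```python
def tlv(tag, content):
    """Encode one TLV with a minimal (DER) definite length."""
    n = len(content)
    if n < 0x80:
        return bytes([tag, n]) + content
    size = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(size)]) + size + content

def read_tlv(buf, pos):
    """Return (content offset, end offset) of the TLV starting at pos."""
    if buf[pos] & 0x1F == 0x1F or buf[pos + 1] == 0x80:
        raise ValueError("multi-byte tag or indefinite length: not handled here")
    first = buf[pos + 1]
    extra = first & 0x7F if first & 0x80 else 0
    length = int.from_bytes(buf[pos + 2:pos + 2 + extra], "big") if extra else first
    start = pos + 2 + extra
    if start + length > len(buf):
        raise ValueError("truncated encoding")
    return start, start + length

def der_sort_set_of(encoded_set):
    """Re-encode a SET OF with its elements in DER order, element bytes untouched."""
    if encoded_set[0] != 0x31:
        raise ValueError("not a SET OF")
    pos, end = read_tlv(encoded_set, 0)
    elements = []
    while pos < end:
        _, nxt = read_tlv(encoded_set, pos)
        elements.append(encoded_set[pos:nxt])
        pos = nxt
    if pos != end:
        raise ValueError("element overruns the SET")
    # X.690 DER rule for SET OF: ascending by encoding, shorter encodings
    # compared as if padded with trailing zero octets.
    width = max(map(len, elements), default=0)
    elements.sort(key=lambda e: e.ljust(width, b"\x00"))
    return tlv(0x31, b"".join(elements))

# Constructed sample attributes: Attribute ::= SEQUENCE { OID, SET OF value }
KNOWN = tlv(0x30, tlv(0x06, bytes.fromhex("2a864886f70d010903"))
            + tlv(0x31, tlv(0x06, bytes.fromhex("2a864886f70d010701"))))
UNKNOWN = tlv(0x30, tlv(0x06, bytes.fromhex("2b06010401868d1f01"))  # made-up OID
              + tlv(0x31, tlv(0x04, b"\xab\xcd")))
# As transmitted: BER-legal but not DER (unsorted, long-form length octet).
body = KNOWN + UNKNOWN
SENT = bytes([0x31, 0x81, len(body)]) + body
CANONICAL = der_sort_set_of(SENT)  # the bytes to feed into signature processing
```
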