CMS defines authenticatedAttributes as a SET OF AuthAttribute and
unAuthenticatedAttributes as a SET OF UnauthAttribute. The ESS I-D
specifically states that a signerInfo MUST NOT include multiple instances of
any of the following attributes: mlExpansionHistory, receiptRequest and
eSSSecurityLabel. Propose that all of the other types of attributes (except
counterSignature) should be limited by the same rules. This requires
additional text to be added to ESS, CMS and MSG. I will include detailed
comments in my comments to the next round of these specs.
John Pawling, jsp(_at_)jgvandyke(_dot_)com
J.G. Van Dyke & Associates, Inc.