1. It would be useful if section references to CMS included section numbers
rather than just section titles. An example is the first paragraph of
section 4.
2. Section 4.2.2 --- One of the discussion that I have every so often with
you and Russ deals with the question of validating the originators
certificate during the decrypt process. The current text makes no reference
to doing this or what should happen if this validation fails. Is this what
you want? Do you want to put in some text about doing the validation and
what to do if it fails? Suggested text could run along the lines of "If the
originators certificate is used for the purposes of origination
authenticiation, then the originators certificate MUST be validated prior to
decrypting the message and the decryption MUST NOT proceed if the validation
fails."
3. The document is missing the specification of the SMimeCapability field
to be used for CMSKEA. Please include a small section with the necessary
parameters and a binary version of the encoded attribute so that everyone
uses the same byte sequence.
jim