John:
This one comment was not addressed in my long reply to Jim Schaad's
note. So, I am handling it separately.
39) Section 11.3 Signing Time: Jim stated and Russ agreed: "I think we
should loosen up the locations allows for signing-time. I would like to see
it allowed as an autenticated attribute."
I don't object to this change. If the change is made, please make the
following replacement:
OLD: The SignedAttributes syntax is defined as a SET OF Attributes. The
SignedAttributes in a signerInfo MUST not include multiple instances
of the signing-time attribute.
NEW: The SignedAttributes and AuthAttributes syntaxes are each defined as
a SET OF Attributes. The SignedAttributes in a signerInfo MUST NOT
include multiple instances of the signing-time attribute. Similarly,
the AuthAttributes in an AuthenticatedData MUST NOT include multiple
instances of the signing-time attribute.
Good catch. I did some minor edits on your proposed text:
The SignedAttributes syntax and the AuthAttributes syntax are each
defined as a SET OF Attributes. The SignedAttributes in a signerInfo
MUST NOT include multiple instances of the signing-time attribute.
Similarly, the AuthAttributes in an AuthenticatedData MUST NOT
include multiple instances of the signing-time attribute.
Russ