Major issues from Russ #177

Open
1 task
ounsworth opened this issue Jan 30, 2025 · 2 comments

ounsworth commented Jan 30, 2025

Don't close until:

  • Hannes looks at the comment at the bottom.

I have serious problems with this document.

There is already an allocation for id-aa-evidence, but it is now in id-ata.

The early assignment was made here: https://www.iana.org/assignments/smi-numbers/smi-numbers.xhtml#security-smime-2

PLEASE change it back to:

id-aa-evidence OBJECT IDENTIFIER ::= { id-aa 59 }

In Section 7.2, there was no such early allocation request for:

id-aa-ar OBJECT IDENTIFIER ::= { id-ata 60 }

Assuming this was to be allocated in the same arc as id-aa-evidence, PLEASE stop using 60. It is already allocated for something else.

There is a formatting problem in Appendix A.4. I cannot figure it out; markdown went haywire.

In Appendix B, I am very uncomfortable with the OID assignments:

id-aa OBJECT IDENTIFIER ::= { 1 2 840 113549 1 9 16 2 }
-- IMPORTed FROM SecureMimeMessageV3dot1

id-ata OBJECT IDENTIFIER ::= { id-aa (TBD1) }

id-aa-evidence OBJECT IDENTIFIER ::= { id-ata 59 }

There is already an allocation for this OID. Early assignment was made here:
https://www.iana.org/assignments/smi-numbers/smi-numbers.xhtml#security-smime-2

This does not match that early assignment. PLEASE change it back to:

id-aa-evidence OBJECT IDENTIFIER ::= { id-aa 59 }

This seems to be a muddling between id-aa-ar and id-aa-ata. I think they are very different purposes, but one is an arc within the other.

In Appendix B, there is '\' line wrapping per RFC 8792. Why? There are three cases, and they are all easily avoided:

OLD:

Certificate, id-pkix
FROM PKIX1Explicit-2009
{ iso(1) identified-organization(3) dod(6) internet(1) security(
5)
mechanisms(5) pkix(7) id-mod(0) id-mod-pkix1-explicit-02(51) }

NEW:

Certificate, id-pkix
FROM PKIX1Explicit-2009 -- from [RFC5912]
{ iso(1) identified-organization(3) dod(6) internet(1)
security(5) mechanisms(5) pkix(7) id-mod(0)
id-mod-pkix1-explicit-02(51) }

OLD:

EXTENSION, ATTRIBUTE, AttributeSet{}, SingleAttribute{}
FROM PKIX-CommonTypes-2009 -- from [RFC5912]
{ iso(1) identified-organization(3) dod(6) internet(1) security(
5)
mechanisms(5) pkix(7) id-mod(0) id-mod-pkixCommon-02(57) }

NEW:

EXTENSION, ATTRIBUTE, AttributeSet{}, SingleAttribute{}
FROM PKIX-CommonTypes-2009 -- from [RFC5912]
{ iso(1) identified-organization(3) dod(6) internet(1)
security(5) mechanisms(5) pkix(7) id-mod(0)
id-mod-pkixCommon-02(57) }

OLD:

AttestationResultBundle ::= SEQUENCE SIZE (1..MAX) OF
AttestationResult

NEW:

AttestationResultBundle ::= SEQUENCE SIZE (1..MAX)
OF AttestationResult

Similar changes can be made in B.1 and B.2.

In Appendix C, it is unusual for an author to be acknowledged.

Russ

ounsworth changed the title from "Document issues from Russ" to "Major issues from Russ" on Jan 30, 2025

ounsworth commented Jan 30, 2025

Also, do a cleanup / de-duplication of the Acknowledgements.
(Corey Bonnell)

ounsworth commented Feb 1, 2025

@hannestschofenig You have this in the IANA Considerations section:

  • Decimal: IANA Assigned - This was early-allocated as 60 so that we could generate the sample data.
  • Description: id-aa-ar

That is untrue, as per Russ' comment above, { 60 } is already allocated for something else.
https://www.iana.org/assignments/smi-numbers/smi-numbers.xhtml#security-smime-2

Do we actually have any samples that use id-aa-ar (and therefore would need early allocation), or was this just copy and pasted from above? I've removed this and changed the OID to TBD2. If that was important, you'll need to put it back.

ounsworth added a commit that referenced this issue Feb 2, 2025