Reviewer: Robert Sparks Review result: Ready Summary: Ready for publication as a Proposed Standard RFC I did not find any artart specific issues to point to in this document. I did not re-verify the ASN, trusting that the shepherd (who has much sharper skills there than I) got that right. (The shepherd report is very good - thank you for that). Some editorial suggestions: More detail in the motivation would have been nice. There is evidence in the security considerations section of earlier concern expressed with the requirement that a CA processing a CSR MUST fetch a provided URL. I'll add to that and suggest that framing the set of requirements more carefully to "If the CA is willing to process the CSR" to leave room for common sense operational decisions to not appear to conflict with the requirement. I also found the "ED Note" calling out (I assume) the discussion of _not using_ SCVPCertID instead of this extension, but quoting the structure anyway, pretty confusing. Please consider if it will stimulate implementor error. -- last-call mailing list -- last-call@xxxxxxxx To unsubscribe send an email to last-call-leave@xxxxxxxx