I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the IESG.
These comments were written primarily for the benefit of the security
area directors.  Document editors and WG chairs should treat these
comments just like any other last call comments.

This document looks good to me.  I have a few minor comments and
editorial suggestions.

For consistency, I suggest the definitions of the signatureAlgorithm and
macAlgorithm fields refer to the corresponding fields in SignerInfo and
AuthenticatedData similar to the description of the digestAlgorithm
field, i.e., refer to SignerInfo.signatureAlgorithm and
AuthenticatedData.macAlgorithm.  

Though it doesn't really matter, given the requirement for one of
signatureAlgorithm or macAlgorithm to be present, why not use a CHOICE
and force the issue?

In 3.2, change signature validation to MAC verification.