First, I would like to express my gratitude to Jim Schaad for having done this work (and all the work that led up to making this work possible). The draft fills a gap where COSE is being used in conjunction with infrastructure employing X.509-based validation of keys. JOSE defined the necessary parameters right away, while the use case for COSE was less clear initially. One criticism might be that the draft does not speculate on how constrained devices could share tasks that need to be performed in this use case with trusted less-constrained devices -- there are probably infinite ways of doing so, and the ones actually to be used should rather be discussed in the protocols that govern the constrained--less-constrained communication. The draft is ready with issues. ## Major Section 1: The draft points to examples to be found in the github repository https://github.com/cose-wg/Examples -- these are not in there. Either these examples need to be added or this sentence deleted. ## Minor Section 2: I'm not sure what "certificates of a chain length of..." actually means -- the chain length is not an intrinsic property of a certificate, but a function of what the application's roots are. Maybe rephrase: These rules apply when the validation succeeds in a single step as well as when certificate chains need to be built. The draft uses the term "bag" for what is meant to be a set. Maybe stick with the "x5bag" parameter name and the prose "certificate bag", but when saying what it is, say that it is a set. ## Nits https://github.com/cose-wg/X509/pull/28