I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments.

This document defines the otpChallenge attribute for use when a one-time password (OTP) value within the CSR is a requirement. The revocationChallenge attribute is defined to allow disambiguated usage of the original challenge password attribute semantics for certificate revocation. The estIdentityLinking attribute is defined to reference existing EST challenge password semantics with no potential for confusion with legacy challenge password practices. These attributes provide disambiguation of the existing overloaded uses for the challengePassword attribute defined in PKCS (Public-Key Cryptography Standards) #9 [RFC2985].

The Security Consideration seems adequate. I found one issue in the ASN.1 module in Appendix A, but it was fixed in the most recent version. So the document is ready for publication.