I have reviewed this document as part of the security directorate's ongoing effort 
to review all IETF documents being processed by the IESG.  These comments were written 
primarily for the benefit of the security area directors.  Document editors and WG chairs 
should treat these comments just like any other last call comments.

The draft aims to update RFC 7030 (Enrollment over Secure Transport) to eliminate
ambiguity that may arise when EST server wants the client to send particular attribute 
values in the certificate request.

The draft states that the security considerations from RFC7030 are unchanged and I tend to agree.
The new mechanism may also increase privacy of the client if the EST server specifies a new opaque
identifier for IDevID (which is stated in the draft).

Nits:
1. This draft updates RFC 7030, but this is not indicated in its header.

2. It seems to me that definition of id-aa-certificationRequestInfoTemplate 
   in the Section 3.3 and in the Appendix A lacks the name of the new element in OID 
   (only value "TBD2" is present).

3. Section 3.2, typo: s/MUST by/MUST be

4. Section 3.3, typo, perhaps: s/The avoid this drawback/To avoid this drawback

5. Section 3.3, possible typo: s/The SubjectPublicKeyInfo field must be present/The SubjectPublicKeyInfo field MUST be present