Non-Gregorian Recurrence Rules in iCalendar
draft-daboo-icalendar-rscale-04

" in an Access-
  Request packet, and "1example.org" in an Accounting-Request packet
  for that same session is forbidden.  Such behavior would make it look
  like a single user session was active simultaneously in two different
  Visited Networks, which is impossible.

  Proxies that record user session information SHOULD also record
  Operator-Name.  Proxies that do not record user session information
  do not need to record Operator-Name.

  Home Networks SHOULD record Operator-Name along with any other
  information that they record about user sessions.  Home Networks that
  expect to send CoA packets to Visited Networks MUST record Operator-
  Name for each user session that originates from a Visited Network.
  Failure to record the Operator-Name would mean that the Home Network
  would not know where to send any CoA packet.

  Networks that host both the RADIUS client and RADIUS server do not
  need to create, record or track Operator-Name.  That is, if the
  Visited Network and Home Network are the same, there is no need to
  use the Operator-Name attribute.

3.2.  Proxying of CoA-Request and Disconnect-Request packets

  When a Home Network wishes to send a CoA-Request or Disconnect-
  Request packet to a Visited Network, it MUST include an Operator-Name
  attribute in the CoA packet.  The value of the Operator-Name MUST be
  the value which was recorded earlier for that user session.

  The Home Network MUST lookup the realm from the Operator-Name in a
  logical "realm routing table", as discussed in [RFC7542] Section 3.
  That logical realm table is defined there as:

      a logical AAA routing table, where the "utf8-realm" portion
      acts as a key, and the values stored in the table are one or more
      "next hop" AAA servers.

DeKok, Alan                Proposed Standard                  [Page 9]
INTERNET-DRAFT  Dynamic Authorization Proxying in RADIUS 22 January 2019

  In order to support proxying of CoA packets, this table is extended
  to include a mapping between [Ballot comment]
Lots of good comments from Ben et al; I tried to trim duplicates from my own.

Section 1.2

  The term RSA in this document almost always refers to the PKCS#1 v1.5
  RSA signature algorithm even when not qualified as such.  There are a
  couple of places where it refers to the general RSA cryptographic
  operation, these can be determined from the context where it is used.

nit: this is a comma splice; I suggest using a semicolon instead.

Section 2

  [...] Most of
  the CMS format for S/MIME messages is defined in [RFC5751].

We cite 5751bis elsewhere; is the non-bis reference intentional?

Section 2.3

  [...] Receiving S/MIME agents SHOULD be able to
  handle messages without certificates using a database or directory
  lookup scheme.

Maybe clarify that this lookup is to obtain the certificates (and chain) in
question?

Section 3

  Note that this attribute MUST be encoded as IA5String and has an
  upper bound of 255 characters.  The right side of the email address
  SHOULD be treated as ASCII-case-insensitive.

What does "treated as" mean here?  Is it limited to "for comparison
purposes"?  Am I expected to normalize for display?  (I guess enforcing the
ASCII range is inherent in IA5String, so checking that is out of scope.)
The next paragraph has a MUST-level case-insensitive comparison, so maybe
this whole sentence is redundant?

  [...] A receiving agent SHOULD provide some explicit
  alternate processing of the message if this comparison fails, this
  might be done by displaying or logging a message that shows the
  recipient the mail addresses in the certificate or other certificate
  details.

nit: This is another comma splice.

Section 4.3

Why are we going from SHOULD+ (in Call For Adoption By WG IssuedRFC 5750