Hi,

I am the assigned IoT-Directorate reviewer for this draft.

Summary: Ready.

This document defines two CBOR Signing And Encrypted (COSE) header
parameters for incorporating RFC 3161-based timestamping into COSE
message structures (COSE_Sign and COSE_Sign1).  This enables the use
of established RFC 3161 timestamping infrastructure to prove the
creation time of a message.

While I think it might be a bit of an ask for an IoT implementation
to implement both COSE based processing and X.509 based processing,
if the IoT implementation has code for both, this would be a reasonable
way to combine them.

I think the document is well written and clear.