This document appears to be ready for publication.  It was straightforward to understand, and I found no major or minor concerns from ART's perspective.

A couple of nits:

(1) "OCTET STRING" is defined in RFC 5280.  I suggest saying so in Section 2, as that's a convention/definition used throughout.  (Or, more generally, refer to RFC 5280 in that section as a source for some conventions used in this document.)

(2) At the end of Section 3.3, there's a naked "SHOULD".  I suggest including a sentence about why this advice is there and/or why it's not a MUST.

(3) In Section 3.4.2, I imagine "ALL" is in all-caps for emphasis, but this makes it look kind of like a BCP 14 key word, and I suggest not doing that.

(4) The "SHOULD" in Section 4 could also use some "why not MUST?" sort of prose.