22.214.171.124.2 SignerInfo Constraints
The SignerInfo in the SignedData structure (section 126.96.36.199.1) MUST conform to the following constraints:
The authenticatedAttributes (section 188.8.131.52.4) field MUST be present.
This field MUST contain the following attributes:
A content-type attribute with its value set as specified in [PKCS7] section 9.2.
A message-digest attribute with its value set as specified in [PKCS7] section 9.2.
This field can also contain:
If the signature has been timestamped, then the unauthenticatedAttributes field (section 184.108.40.206.5) MUST be present and MUST contain a single Countersignature attribute ([PKCS9] section 6.6). If the signature has not been timestamped, the unauthenticatedAttributes field MUST be absent.