** Section 1.  Per the remote attestation use case, would the RATS architecture draft be more appropriate than [I-D.birkholz-rats-tuda]?

the Corpus tag appears to have no change of state -- get removed at all during the Lifecycle?

** Section 1.1.  Editorial.  After reading this section, I was wondering about what's the difference between patching and upgrading?  Does one bump the version number and the other does not?  Perhaps a forward reference to Section 2.3 would be appropriate here.

** Section 2.1.  Recommend using normative language:

** Section 2.3. Global Typo. s/section Section/Section/g

** Section 2.3.  Per "This item represents a query as defined by the W3C Media Queries     Recommendation (see [W3C.REC-css3-mediaqueries-20120619])" can normative language be applied here to constrain the format.  Perhaps "This item MUST be formatted as query defined by the W3C Media Queries Recommendation (see [W3C.REC-css3-mediaqueries-20120619]) format.

** Section 2.6 Editorial.  s/an registration ID/a registration ID/
** Section 2.6.  Per "In a given scope, the registration id MUST be used consistently for CoSWID tag production.", can you clarify what you mean by consistently?

** Section 2.7. Typo. s/a Ownership/an Ownership/
** Section 2.7.  Typo. s/Link Use Value Value/Link Use Value/
** Section 2.8.  Typo. s/identfies/identifies/
** Section 2.8.  unspsc-code.  Please cite the URL of unspsc.org by reference.

** Section 2.9.1.  Should the Status field of the Named Information Hash Algorithm Registry be considered when choosing an appropriate hash algorithm?

** Section 4.1. Typo. s/gudelines/guidelines/
** Section 4.1. Editorial. s/decimal number ./decimal number./
** Section 5.2.1. Typo. s/Proceedures/Procedures/
** Section 5.3.  Editorial. s/RFC-7049/[RFC7049]

not fixed but first pass:

** Section 5.6.1 and 5.6.2.  Please use the template described in Section 7.4 of RFC 7595.  The fields below are part of the "old template".

** Section 5.6.1.  Typo. s/speific/specific/
** Section 5.6.1.  Global Typo. s/indentify/identify/g
** Section 5.7.  Typo. s/ietm/item/
** Section 6.  Per "When an authoritative tag is signed, the software provider can be authenticated as the originator of the signature", what is the binding between the software provider and the key used to provide the signature?  Put in another way, how do I know the signature on the CoSWID really belongs to the software provider?  Same for a supplementary tag?

** Section 6. "collected from an endpoint in transit and at rest"
** Section 6.  Per "For this reason, tools that consume SWID/CoSWID tags ought to treat ...", is normative language or less colloquial language more appropriate here - s/ought/should/?

…h specific focus on SWID/CoSWID issues

…ash with Section in resource-collection